Brion Vibber [Thu, 14 Oct 2010 23:47:56 +0000 (16:47 -0700)]
Fix for ticket #2828, part II: apostrophe in site name set in installer created a broken config.php.
The previous commit fixed the base installer to properly quote its strings when creating config.php... but you'd actually end up with double-escaping if you had magic_quotes_gpc on. Magic quotes are evil and lame, but we gotta deal with em. :P Updated the web installer code to check for magic quotes, and to grab its variables consistently through the same interface.
Brion Vibber [Tue, 12 Oct 2010 20:00:03 +0000 (13:00 -0700)]
Followup to IIS installer tweaks in [9bb48c36]:
* skip 0-byte config files when initializing, go ahead and redirect to installer if no non-0-byte files
* tweak warning on installer.php to let you know if you have a 0-byte config.php that's not writable, as opposed to generally already having a config.php with data in it
Brion Vibber [Tue, 12 Oct 2010 19:33:57 +0000 (12:33 -0700)]
Initial version of ModHelper plugin, with basic functionality but the UI stripped out until it's easier to get it done.
* users need to have 'modhelper' role manually added via userrole.php for now
* modhelper users can sandbox/unsandbox and silence/unsilence any user
** note that no new logging has been added for these moderator actions
* no user deletion for modhelpers
* probably no UserFlags special views for modhelpers
Brion Vibber [Thu, 7 Oct 2010 19:32:10 +0000 (12:32 -0700)]
Workaround for regression in input validation due to more PCRE oddities. Recommend redoing common_validate_utf8() using something more reliable, perhaps. :P
Brion Vibber [Thu, 7 Oct 2010 19:03:33 +0000 (12:03 -0700)]
Pull up the guts of my fixed bit.ly plugin from an old work branch (that had made other changes we weren't happy with in the plugin management). Now works if given a global API key.
Brion Vibber [Thu, 7 Oct 2010 18:26:07 +0000 (11:26 -0700)]
OStatus fixup-shadow.php: add check for user_group entries with 'uri' entry shadowing an actual local_group -- this can cause trouble now that we sometimes actually use the uri field for lookups, and leaving the entries around would break updating the table to fill out formerly missing uris, since the unique index entry would already be taken by the bad entry.
Brion Vibber [Wed, 6 Oct 2010 20:00:30 +0000 (13:00 -0700)]
Basic validation of UTF-8 input via GET/POST vars: invalid UTF-8 sequences will cause the string to drop. Not necessarily super-thorough; should be improved in future to drop individual bad sequences, do normalization of combining forms, etc. General input validation (for ints, types of strings, etc) still would be good to have!
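The drop-on-invalid behaviour described in this commit message, as an added example that is not StatusNet's own code: `scrub_request_vars()` is a hypothetical helper, the sample request array is constructed, and the mbstring extension is assumed.

```php
<?php
// Added illustration, not StatusNet code. scrub_request_vars() is a
// hypothetical name; mbstring is assumed to be available.

// Walk a GET/POST-style array (values may be nested arrays, as with
// foo[bar]=baz) and blank out any string that is not well-formed UTF-8.
// Entries whose key is itself malformed are discarded entirely.
function scrub_request_vars(array $vars): array
{
    $clean = [];
    foreach ($vars as $key => $value) {
        if (is_string($key) && !mb_check_encoding($key, 'UTF-8')) {
            continue; // malformed key: drop the whole entry
        }
        if (is_array($value)) {
            $clean[$key] = scrub_request_vars($value);
        } elseif (is_string($value)) {
            // The whole string is dropped, not just the bad sequence.
            $clean[$key] = mb_check_encoding($value, 'UTF-8') ? $value : '';
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Constructed sample input standing in for $_POST.
$post = [
    'nickname' => "caf\xC3\xA9",            // valid two-byte sequence
    'status'   => "hello \xE2\x82",         // truncated three-byte sequence
    'tags'     => ["ok", "bad\xC0\xAF"],    // overlong encoding of "/"
];

var_dump(scrub_request_vars($post));
```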
Brion Vibber [Mon, 4 Oct 2010 22:13:27 +0000 (15:13 -0700)]
scripts/fixup_group_uri.php to fill in empty user_group.uri entries; needed before changing domain names on sites that are hosting groups for remote users
Brion Vibber [Fri, 1 Oct 2010 18:05:15 +0000 (11:05 -0700)]
Throw in a quick event hook to override the profile list type on showstream (should be made more general in future).
Replace with a NoticeList to have output include avatar and username -- but CSS still hides them in default theme.
Event::addHandler('ShowStreamNoticeList', 'awesome');
function awesome($notice, $action, &$pnl)
{
    $pnl = new NoticeList($notice, $action);
    return false;
}
Brion Vibber [Fri, 1 Oct 2010 02:18:46 +0000 (19:18 -0700)]
Add a $config['plugins']['locale_path'] which can be set to override the individual plugins' locale subdirectories.
This will apply to *ALL* plugins in *ALL* languages, so should probably only be used when doing site customization...
Edit that (make sure you at least set the CHARSET, probably to UTF-8) and save your customized .po
files into the structure as above, and use msgfmt to generate .mo files for final output.
Brion Vibber [Fri, 1 Oct 2010 01:02:02 +0000 (18:02 -0700)]
ShareNotice plugin -- basic buttons per-notice to share the text & a link to the notice on other sites.
Default settings list Twitter, Facebook, and Identi.ca as targets.
Using icons built-in, and no magic offsite JS or anything so it won't slow down or break if third-party site goes down.
Default styles are a little limited, but can be customized in theme should one be so inclined.
ForceGroup plugin: optionally force new users to join a particular group or set of groups on registration; and/or to force posts by members of particular groups to be posted into those groups even if not explicitly mentioned. The posting feature requires a couple quick hook additions in core.
GroupFavorited plugin: adds 'Popular' tab to group navigation showing a popular pages subset for just posts in the group. Not necessarily terribly efficient, should be tested and benchmarked on non-trivial sites
Initial SlicedFavorites plugin to allow for customized variants of 'Popular' tab (favorited action) that include or exclude a given set of users. No added UI tabs in this version, beware!
Added an option to TinyMCE plugin to restrict the rich-text editor to users who have the 'richedit' role. This allows enabling it for a subset of accounts on a site while leaving other users using the regular posting system, which is more stable.
Always specify UTF-8 target charset for html_entity_decode(); default is 8-bit ISO-8859-1 which causes things to break when we later pass them through things that expect to work with UTF-8. For instance, running through preg_replace() with the /u option results in NULL, leading to problems with OStatus and SubMirror generating their plaintext versions and doing length-cropping.
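The failure described in this commit message, reproduced as an added example that is not StatusNet's own code: `plaintext_summary()` and the sample HTML are constructed for illustration. PHP 5.4 and later no longer default to ISO-8859-1, so the charset is passed explicitly to show both outcomes.

```php
<?php
// Added illustration, not StatusNet code. plaintext_summary() is a
// hypothetical helper; mbstring is assumed to be available.

// Strip tags, decode entities into $charset, collapse whitespace with a
// /u pattern, then crop to $max characters. Returns null when PCRE
// rejects the subject as invalid UTF-8.
function plaintext_summary(string $html, string $charset, int $max = 20): ?string
{
    $text = html_entity_decode(strip_tags($html), ENT_QUOTES, $charset);

    // With /u, PCRE validates the subject as UTF-8 before matching and
    // preg_replace() returns NULL instead of a string if validation fails.
    $text = preg_replace('/\s+/u', ' ', $text);
    if ($text === null) {
        return null;
    }
    return mb_substr($text, 0, $max, 'UTF-8');
}

$html = '<p>caf&eacute;   au   lait</p>'; // constructed sample

// ISO-8859-1 target: &eacute; decodes to the single byte 0xE9, which is
// not a valid UTF-8 sequence, so the /u replace fails.
$latin1 = plaintext_summary($html, 'ISO-8859-1');
var_dump($latin1);
var_dump(preg_last_error() === PREG_BAD_UTF8_ERROR);

// UTF-8 target: &eacute; decodes to the bytes 0xC3 0xA9 and the rest of
// the pipeline works on well-formed input.
$utf8 = plaintext_summary($html, 'UTF-8');
var_dump($utf8);
```

Checking the return value against `null` matters because a NULL from `preg_replace()` silently becomes an empty string in later string operations.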
- Lookup anon profiles by ID (safer because they are guaranteed to be unique) and probably faster
- Obfuscate the anonymous user session token to make it hard to figure out the profile ID
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure.
Could use some more thorough testing in practice!
Yammer import (work run via background queues) now can be started from the admin panel! :DDDD Still requires that the app be registered on your network manually first.
Ok, got the AJAX clicky-throughs working for yammer auth (if app is already registered), but needs prettification. Yammer ignores callback URLs unless they're pre-registered with the app, and this apparently requires manual intervention to become a 'trusted' app, you don't get it on those you register yourself. Sigh. Also can't use an iframe since it breaks out of the frame (fair 'nuff)