Brion Vibber [Fri, 19 Nov 2010 22:00:22 +0000 (14:00 -0800)]
Ticket #1987: support since_id on API notice search methods.
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
Brion Vibber [Fri, 19 Nov 2010 20:39:07 +0000 (12:39 -0800)]
Ticket #2441: fix deletion of avatars when a profile is deleted.
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
Brion Vibber [Fri, 19 Nov 2010 19:56:03 +0000 (11:56 -0800)]
Ticket #2899: clean up inbox/outbox DM form a bit:
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing liklihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'
In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
Brion Vibber [Thu, 18 Nov 2010 22:40:05 +0000 (14:40 -0800)]
scripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname. Like deleteuser.php, this can be used in batch runs by providing the -y override.
Brion Vibber [Wed, 17 Nov 2010 22:24:35 +0000 (14:24 -0800)]
Partial fix for tickets #2194, #2393: Workaround for Meteor breaking AJAX error responses returned on posting new notices. Fixes things in Firefox 4, but Safari 5 and Chrome 8 still don't return data... either on success or failure! Sigh.
The Meteor realtime plugin sets document.domain to the common prefix between the main server and the Meteor server's hostnames, which overrides the same-origin controls on JavaScript DOM access so the two parts of the app can speak to each other.
This unfortunately causes "fun" side effects for XMLHTTPRequest access to the main domain... if the new domain doesn't match the actual host (eg 'status.net' instead of 'brion.status.net') then we can't access the XHR's responseXML attribute, which holds a DOM tree of the parsed XML return data.
As a workaround, if we can't get at the contents there, we'll parse a fresh DOM tree in the local context from the responseText property, which remains available.
In the longer term, recommend retooling the realtime stuff so it's not fiddling with document.domain. It could also be an issue as it could allow local JavaScript XSS attacks to migrate to subdomains in other open windows.
Brion Vibber [Wed, 17 Nov 2010 21:03:59 +0000 (13:03 -0800)]
Add $config['attachments']['process_links'] to allow disabling processing of mentioned URL links for attachment info (oEmbed lookups) and dereferencing of redirects that we didn't have shortened ourselves.
This option may be useful for intranet sites that don't have direct access to the internet, as they may be unable to successfully fetch those resources.
Brion Vibber [Mon, 15 Nov 2010 23:34:12 +0000 (15:34 -0800)]
Stub RemoteprofileAction to show the standard profile header stuff for offsite users -- provides a way to get at the mod & block controls for remote users.
Brion Vibber [Mon, 15 Nov 2010 23:32:57 +0000 (15:32 -0800)]
some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em.
Brion Vibber [Mon, 15 Nov 2010 20:35:15 +0000 (12:35 -0800)]
Drop PEAR Services_oEmbed -- ended up replaced by our oEmbedHelper wrapper. The extra validation available there is problematic, and their code for building HTML for us wasn't being used anyway.
Brion Vibber [Mon, 15 Nov 2010 19:25:38 +0000 (11:25 -0800)]
Swap the Services_oEmbed wrapper in oEmbedHelper out for doing it ourselves...
- workaround for providers that are skimpy on their data, such as missing width/height or thumbnail_width/thumbnail_height
- workaround for YFrog listing "image" instead of "photo" type
- generally more lax about formatting: if it comes back and looks kinda ok, we'll take it.
- discovery uses system HTML parser, should be more robust if the links include things like ampersands with proper HTML-level escaping
Brion Vibber [Mon, 15 Nov 2010 19:01:00 +0000 (11:01 -0800)]
Workaround for yfrog.com photo attachments: fudge File_redirection::lookupWhere()'s HTTP handling -- when we get a 204 on a HEAD, double-check it by re-running as a GET. yfrog.com returns a 204 incorrectly for this case.
Brion Vibber [Sat, 13 Nov 2010 01:41:35 +0000 (17:41 -0800)]
Encapsulate the oEmbed -> oohembed fallback into oEmbedHelper class. Also added a chance to whitelist sites that don't show discovery info but do have oEmbed API endpoints, and to provide alternate APIs for some common services.
Newly supported:
- TwitPic: added a local function using TwitPic's API, since the oohembed implementation for TwitPic produced invalid output which Services_oEmbed rejects. (bug filed upstream)
Tweaked...
- Flickr: works, now using whitelist to use their endpoint directly instead of going through oohembed
- Youtube: worked around a bug in Services_oEmbed which broke the direct use of API discovery info, so we don't have to use oohembed.
Not currently working...
- YFrog: whitelisting their endpoint directly as the oohembed output is broken, but this doesn't appear to work currently as I think things are confused by YFrog's servers giving a '204 No Content' response on our HEAD checks on the original link.
Brion Vibber [Fri, 12 Nov 2010 22:03:57 +0000 (14:03 -0800)]
Only use saved thumbnails for notice list attachment thumbs -- don't attempt to search enclosures for photo types. We now save thumbs directly for oEmbed photos that don't list a separate thumb entry (like Flickr), so it's not needed. Keeps things cleaner :D
Brion Vibber [Fri, 12 Nov 2010 22:03:08 +0000 (14:03 -0800)]
Save oEmbed photo references as thumbnails if there's not a separate thumbnail_url entry in the return data. This fixes thumb saving for Flickr photo references.
Brion Vibber [Fri, 12 Nov 2010 21:06:41 +0000 (13:06 -0800)]
Fix for failure edge case in TwitterBridge outgoing repeat/retweets.
When the retweet failed with a 403 error (say due to it being a private tweet, which can't be retweeted) we would end up mishandling the return value from our internal error handling.
Instead of correctly discarding the message and closing out the queue item, we ended up trying to save a bogus twitter<->local ID mapping, which threw another exception and lead the queue system to re-run it.
- Fixed the logic check and return values for the retweet case in broadcast_twitter().
- Added doc comments explaining the return values on some functions in twitter.php
- Added check on Notice_to_status::saveNew() for empty input -- throw an exception before we try to actually insert into db. :)
Brion Vibber [Fri, 12 Nov 2010 20:24:55 +0000 (12:24 -0800)]
Add a quick config setting to disable/enable display of thumbnails in regular notice lists (attachments/show_thumbs) - disabling gives the same display as before this feature was added (but changes to oembed handling are still there, and the lightbox popup is gone)