Brion Vibber [Sat, 18 Dec 2010 00:22:26 +0000 (16:22 -0800)]
Sort indexing fix for profile sidebar: add group_member_profile_id_created_idx to group_member table, streamlines sorting of your group memberships in the sidebar
Brion Vibber [Fri, 17 Dec 2010 21:03:18 +0000 (13:03 -0800)]
Notice::whereSinceId() and Notice::whereMaxId() encapsulate logic for building where clauses for since_id/max_id parameters. Can override the field names from 'id' and 'created'.
Brion Vibber [Fri, 17 Dec 2010 20:09:02 +0000 (12:09 -0800)]
Notice::getAsTimestamp() static function to look up the timestamp for a given notice, even if it's been deleted. To be used for converting since_id/max_id processing to use timestamp sorting internally.
Brion Vibber [Fri, 17 Dec 2010 01:02:02 +0000 (17:02 -0800)]
Tickets #2112, 2333, 1677, 2362, 2831: fix AJAX form posting on SSL page views with ssl=sometimes
These have been failing for ages due to our outputting full URLs all the time, usually with the default protocol instead of the current one.
Forms would get output with an http: URL in their contents even when destined for an HTTPS page; while a regular form submission would just warn you about the secure->insecure transition, the AJAX code was failing outright and then not bothering to fall back to the regular submission.
I found it was easy to detect the mismatch -- just check the target URL and the current page's protocol before submitting.
Since failing over to non-AJAX submission to the HTTP URL throws up a warning, I figured it'd be easier (and much nicer for users) to just let it rewrite the target URL to use the secure protocol & hostname before doing the final submit.
This check is now automatically done for anything that calls SN.U.FormXHR() -- making most of our buttons on notices and profile/group headers work naturally.
The notice form setup code also runs the rewrite, which gets posting working without an error dialog.
I'd prefer in the long run to simply use relative URLs in most of our output; it avoids this problem completely and lets users simply stay in the current protocol mode instead of being constantly switched back to HTTP when clicking around.
(Note that folks using the SSLAlways extension to Firefox, for instance, will have their browsers constantly sending them back to HTTP pages, mimicking the desired user experience even though we haven't fully implemented it. These folks are likely going to be a lot happier with forms that submit correctly to go along with it!)
Brion Vibber [Fri, 17 Dec 2010 00:18:49 +0000 (16:18 -0800)]
Fix for ticket #2910: fix inconsistencies in notice posting response display that broke help command, could be generally wonky
Previous code was importing nodes from the XHR result into current document, then pulling text content of what might be the right element, then concat'ing that straight into HTML. Eww! Now pulling the text content straight from the XHR result -- same element that we check for existence of -- and using jQuery's own text() to do the getting and setting of text. Also note that some browsers might have been pulling HTML instead of text, or other funkiness.
Brion Vibber [Wed, 15 Dec 2010 22:57:09 +0000 (14:57 -0800)]
Fix for ticket #2942: character counter now updates on cut and paste operations made with mouse or menu
This uses the 'copy' and 'paste' DOM events to trigger a counter update. I haven't had a chance to 100% confirm that middle-button click on X11 triggers the event, but it ought to.
Cut and paste events from context menu and main edit menu known good in:
* Firefox 4.08b-pre
* IE 9 preview 7
* IE 8 current
* Chrome 8 beta current
* Safari 5.0.3
Opera is listed as not supporting these events, oh well.
Note that using a *delete* command from a menu doesn't trigger an event. Sigh, you can't win everything.
Brion Vibber [Wed, 15 Dec 2010 20:14:25 +0000 (12:14 -0800)]
Cleaner code to avoid a couple PHP notices from accessing uninitialized variables in ostatus profile discovery (these cases hit checking diaspora accounts)
Brion Vibber [Wed, 15 Dec 2010 00:14:15 +0000 (16:14 -0800)]
Mark OembedAction, XrdAction, and (plugin) AutocompleteAction as read-only. Tweaked ApiStatusesShow and ApiTimelineUser to still claim read-only when hit with a HEAD request (usually link checkers or a precursor to a GET, and should be semantically equivalent to a GET without actually transferring data)
Brion Vibber [Mon, 13 Dec 2010 20:12:22 +0000 (12:12 -0800)]
TwitterBridge: partial merge of id_str usage from 0.9.x for improved 32-bit and pre-5.2.10 compatibility. (on 64-bit in 5.2.6 we can pull the integer IDs, but silently lose some precision on the end.)
Fixes for Twitter bridge breakage on 32-bit servers. New "Snowflake" 64-bit IDs have become too big to fit in the integer portion of double-precision floats, so to reliably use these IDs we need to pull the new string form now.
Machines with 64-bit PHP installation should have had no problems (except on Windows, where integers are still 32 bits)
Conflicts:
plugins/TwitterBridge/twitterimport.php <- as this hasn't been broken out, the import code is NOT FULLY UPDATED HERE.
Brion Vibber [Fri, 10 Dec 2010 22:08:36 +0000 (22:08 +0000)]
Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.
Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
Registering a shutdown function lets us explicitly close out the session before everything gets torn down.
Brion Vibber [Fri, 10 Dec 2010 22:08:36 +0000 (22:08 +0000)]
Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.
Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
Registering a shutdown function lets us explicitly close out the session before everything gets torn down.
Brion Vibber [Mon, 3 May 2010 23:49:59 +0000 (16:49 -0700)]
extlibs updates: PEAR::Mail to 1.2.0, PEAR::Net_SMTP to 1.4.2 (need to go together as a pair)
PEAR::Mail updated to 1.2.0 from 1.1.4, fixes deprecation warnings on PHP 5.3, as well as:
1.2.0:
• QA release - stable.
• Updated minimum dependencies (Net_SMTP, PEAR, PHP)
• Doc Bug #15620 Licence change to BSD
• Bug #13659 Mail parse error in special condition
• Bug #16200 - Security hole allow to read/write Arbitrary File
_hasUnclosedQuotes() doesn't properly handle a double slash before an end quote (slusarz@curecanti.org, Bug #9137).
• Make sure Net_SMTP is defined when calling getSMTPObject() directly (slusarz@curecanti.org, Bug #13772).
• Add addServiceExtensionParameter() to the SMTP driver (slusarz@curecanti.org, Bug #13764).
• Add a method to obtain the Net_SMTP object from the SMTP driver (slusarz@curecanti.org, Bug #13766).
PEAR::Net_SMTP updated to 1.4.2 from 1.3.1, needed to support updated PEAR::Mail:
1.4.2:
• Fixing header string quoting in data(). (Bug #17199)
1.4.1:
• The auth() method now includes an optional $tls parameter that determines whether or not TLS should be attempted (if supported by the PHP runtime and the remote SMTP server). This parameter defaults to true. (Bug #16349)
• Header data can be specified separately from message body data by passing it as the optional second parameter to ``data()``. This is especially useful when an open file resource is being used to supply message data because it allows header fields (like *Subject:*) to be built dynamically at runtime. (Request #17012)
1.4.0:
• The data() method now accepts either a string or a file resource containing the message data. (Request #16962)
1.3.4:
• All Net_Socket write failures are now recognized. (Bug #16831)
1.3.3:
• Added getGreeting(), for retrieving the server's greeting string. (Request #16066) [needed for PEAR::Mail]
• We no longer attempt a TLS connection if we're already using a secure socket. (Bug #16254)
• You can now specify a debug output handler via setDebug(). (Request #16420)
1.3.2:
• TLS connection only gets started if no AUTH methods are sent. (Bug #14944)