]>
git.mxchange.org Git - quix0rs-gnu-social.git/log
Mikael Nordfeldth [Wed, 26 Apr 2017 21:21:13 +0000 (23:21 +0200)]
LRDD blacklisted URL test
Mikael Nordfeldth [Wed, 26 Apr 2017 20:41:59 +0000 (22:41 +0200)]
Test URLs against blacklist also on PuSH subscriptions.
Mikael Nordfeldth [Wed, 26 Apr 2017 20:11:28 +0000 (22:11 +0200)]
allowed_schemes was misspelled
Mikael Nordfeldth [Sat, 22 Apr 2017 09:45:24 +0000 (11:45 +0200)]
Fix URL mention regular expression FOR REALZ
Mikael Nordfeldth [Sat, 22 Apr 2017 09:15:55 +0000 (11:15 +0200)]
Fix URL mention regular expression in OStatusPlugin
Mikael Nordfeldth [Sat, 22 Apr 2017 09:07:38 +0000 (11:07 +0200)]
Domain name regular expression into lib/framework.php
cherry-pick-merge
Mikael Nordfeldth [Sat, 22 Apr 2017 08:58:14 +0000 (10:58 +0200)]
Split up OStatusPlugin preg functions so they can be reused
cherry-pick-merge
Mikael Nordfeldth [Sat, 22 Apr 2017 08:55:24 +0000 (10:55 +0200)]
A bit more instructive debugging
Mikael Nordfeldth [Sat, 22 Apr 2017 08:51:03 +0000 (10:51 +0200)]
New domain regexp for WebFinger matching.
Mikael Nordfeldth [Wed, 19 Apr 2017 09:41:34 +0000 (11:41 +0200)]
Less frightening interface on remote subscription
Instead of an error message in a red box about being unable to find the
profile, you get the title "Remote subscription" and no error message.
Mikael Nordfeldth [Wed, 19 Apr 2017 09:37:43 +0000 (11:37 +0200)]
Empty resource would throw exception
The "+ Remote" link on your profile page broke because of exception.
Mikael Nordfeldth [Sun, 16 Apr 2017 09:04:17 +0000 (11:04 +0200)]
Merge branch 'master' of git.gnu.io:gnu/gnu-social
Mikael Nordfeldth [Sun, 16 Apr 2017 09:01:16 +0000 (11:01 +0200)]
Handle normalized acct: URIs in ostatussub
Mastodon sent the proper acct: URI and not just 'user@domain' when
using the remote subscribe functionality.
mmn [Thu, 6 Apr 2017 09:12:35 +0000 (09:12 +0000)]
Merge branch 'fix-openid-removal' into 'master'
Fix OpenID URI removal
See merge request !138
mmn [Thu, 6 Apr 2017 09:12:17 +0000 (09:12 +0000)]
Merge branch 'normalized_openid' into 'master'
Normalize OpenID URI before checking it for validity
Closes #251
See merge request !139
Sandro Santilli [Sat, 18 Mar 2017 12:33:07 +0000 (13:33 +0100)]
Fix OpenID URI removal
See #252
Sandro Santilli [Sat, 18 Mar 2017 09:55:14 +0000 (10:55 +0100)]
Normalize OpenID URI before checking it for validity
Fixes #251
Mikael Nordfeldth [Sat, 18 Mar 2017 00:36:35 +0000 (01:36 +0100)]
Merge branch 'master' of git.gnu.io:gnu/gnu-social
Mikael Nordfeldth [Fri, 24 Jun 2016 13:56:14 +0000 (15:56 +0200)]
StoreRemoteMedia now checks remote filesize before downloading
mmn [Sun, 15 Jan 2017 20:23:41 +0000 (20:23 +0000)]
Merge branch 'improve-status-length-calculation' into 'master'
improve status length calculation for messages forwarded to Twitter
See merge request !133
Bjoern Schiessle [Wed, 14 Dec 2016 14:54:02 +0000 (15:54 +0100)]
improve status length calculation, each link is exactly 23 characters long at Twitter
Mikael Nordfeldth [Tue, 13 Sep 2016 09:24:57 +0000 (11:24 +0200)]
wrong variable was referenced
Mikael Nordfeldth [Thu, 1 Sep 2016 23:01:57 +0000 (01:01 +0200)]
Merge branch 'master' of git.gnu.io:gnu/gnu-social
Mikael Nordfeldth [Thu, 1 Sep 2016 22:55:46 +0000 (00:55 +0200)]
Split up source and source_link. Never trust HTML!
https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
Mikael Nordfeldth [Thu, 1 Sep 2016 22:08:17 +0000 (00:08 +0200)]
common_to_alphanumeric added, filtering Notice->source in classic layout
mmn [Fri, 17 Jun 2016 20:30:25 +0000 (16:30 -0400)]
Merge branch 'check-connection-on-install' into 'master'
Check DB connection before any possible use
This is to avoid an exception when enabling 'pgsql' backend
See merge request !121
Sandro Santilli [Tue, 24 May 2016 14:49:50 +0000 (16:49 +0200)]
Check DB connection before any possible use
Mikael Nordfeldth [Mon, 18 Apr 2016 14:09:36 +0000 (16:09 +0200)]
put local id, href and such in ostatus:conversation element
Mikael Nordfeldth [Mon, 21 Mar 2016 11:25:04 +0000 (12:25 +0100)]
Some Google stuff that need to be there (or comments)
Note that these won't be shown to the enduser and will never be accessed automatically.
We should put the salmon-protocol stuff on ostatus.org
Mikael Nordfeldth [Mon, 21 Mar 2016 11:12:24 +0000 (12:12 +0100)]
woops, accidentally deleted updates-from rel on mass Google-deletion
Mikael Nordfeldth [Mon, 21 Mar 2016 02:11:22 +0000 (03:11 +0100)]
geometa.js doesn't exist anymore
mmn [Mon, 21 Mar 2016 02:21:39 +0000 (22:21 -0400)]
Merge branch 'new-avatar' into 'master'
Changed default avatar in neo-gnu for the more fun @mosphirit gnu.
For now I am going to propose only that change, the default avatar. In the future maybe we can use only one SVG instead multiple PNG but I want to do for now the less changes possible.
See merge request !116
mmn [Mon, 21 Mar 2016 02:07:06 +0000 (22:07 -0400)]
Merge branch 'bashrc/remove_google_references' into 'master'
Remove Google References
This removes most references to:
- Google Code
- Google Buzz
- Google Maps
- Google Gears
- General Google services promotion
There are still some remaining Google references, particularly a script within plugins/Minify. You might want to check that to see if it's really necessary and whether the javascript it points to is actually free software.
See merge request !117
Bob Mottram [Sun, 20 Mar 2016 13:06:58 +0000 (13:06 +0000)]
Remove Google References
This removes most references to Google, with some
remaining since they may point to things which are still
relevant. References to Google Code, Google Buzz and
Google Maps have been removed
Carlos SanmartĂn Bustos [Sat, 19 Mar 2016 11:53:59 +0000 (12:53 +0100)]
Changed default avatar in neo-gnu for the more fun @mosphirit gnu.
Mikael Nordfeldth [Tue, 15 Mar 2016 15:52:57 +0000 (16:52 +0100)]
Upgrading from 1.1.x would make uri fields have length=255
Mikael Nordfeldth [Wed, 2 Mar 2016 13:35:08 +0000 (14:35 +0100)]
Fix a regression in
1f76c1e4 that stopped sending email confirmation on registration
Mikael Nordfeldth [Thu, 25 Feb 2016 14:48:37 +0000 (15:48 +0100)]
Notice getRendered() can now be called on uninserted notices
Mikael Nordfeldth [Thu, 25 Feb 2016 11:32:33 +0000 (12:32 +0100)]
socialfy-your-domain made people think you needed manual interaction
I don't know why, but people started following those instructions for no
apparent reason and it ended up causing a bunch of federation issues or
homegrown cron script messes.
Maybe changing the name to "another" instead of "your" domain will make
people stop doing stuff randomly.
Mikael Nordfeldth [Thu, 25 Feb 2016 18:46:17 +0000 (19:46 +0100)]
$metadata->thumbnail_url is not guaranteed to be set
We should probably have a separate class for this, so we can more
easily combine different technologies similar to oEmbed/OpenGraph.
Mikael Nordfeldth [Tue, 23 Feb 2016 23:19:27 +0000 (00:19 +0100)]
Use in_array instead. Now we get third party responses to contextually interesting threads
I think this solves much of the "third party conversation" issues, assuming involved parties
are using modern GNU social instances.
Mikael Nordfeldth [Tue, 23 Feb 2016 22:56:43 +0000 (23:56 +0100)]
Check the notice context for users in UsersalmonAction
Mikael Nordfeldth [Tue, 23 Feb 2016 22:50:57 +0000 (23:50 +0100)]
Properly attach activityobjects
For some reason they were written to ->object, which is incorrect as
we use the objects[] array (which usually just holds one entry though)
Mikael Nordfeldth [Tue, 23 Feb 2016 22:42:41 +0000 (23:42 +0100)]
Check that the user is in the context of a salmon slap
Mikael Nordfeldth [Tue, 23 Feb 2016 13:33:09 +0000 (14:33 +0100)]
getAliases should be only a list (numeric array)
Mikael Nordfeldth [Tue, 23 Feb 2016 13:15:08 +0000 (14:15 +0100)]
Let OpenID match against aliases (fix fancyurl stuff etc.)
Mikael Nordfeldth [Tue, 23 Feb 2016 13:00:59 +0000 (14:00 +0100)]
getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']
TODO: getByUri should make use of this directly I guess?
Mikael Nordfeldth [Mon, 22 Feb 2016 14:19:10 +0000 (15:19 +0100)]
Verify that authenticated API calls are made from our domain name.
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json" or
whatever. XHR is already blocked with CORS stuff.
Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
Mikael Nordfeldth [Sun, 21 Feb 2016 19:05:32 +0000 (20:05 +0100)]
Make WebFinger fancyurlfix configurable
Mikael Nordfeldth [Sun, 21 Feb 2016 19:00:07 +0000 (20:00 +0100)]
WebFinger aliases with 'index.php/'
Mikael Nordfeldth [Sun, 21 Feb 2016 18:09:39 +0000 (19:09 +0100)]
Claim that we are the URL without index.php/ in webfinger response
Mikael Nordfeldth [Sun, 21 Feb 2016 18:01:37 +0000 (19:01 +0100)]
throw new, not just throw
Mikael Nordfeldth [Sun, 21 Feb 2016 17:48:48 +0000 (18:48 +0100)]
Let the WebFingerPlugin lookup profile resources with index.php/ too
Mikael Nordfeldth [Sun, 21 Feb 2016 17:48:18 +0000 (18:48 +0100)]
common_fake_local_fancy_url to remove index.php/ from a local URL
Mikael Nordfeldth [Sun, 21 Feb 2016 17:47:47 +0000 (18:47 +0100)]
Allow lookup of User->getByUri (throws NoResultException)
Mikael Nordfeldth [Sun, 21 Feb 2016 17:47:32 +0000 (18:47 +0100)]
Keep a unique set of WebFingerResource aliases
Mikael Nordfeldth [Thu, 18 Feb 2016 23:10:05 +0000 (00:10 +0100)]
Don't publish mbox_sha1sum in FOAF by default.
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
Mikael Nordfeldth [Wed, 17 Feb 2016 23:33:16 +0000 (00:33 +0100)]
Only show "public:site" in ToSelector if notice/allowprivate is true
Mikael Nordfeldth [Wed, 17 Feb 2016 23:32:09 +0000 (00:32 +0100)]
Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector
Mikael Nordfeldth [Wed, 17 Feb 2016 23:13:59 +0000 (00:13 +0100)]
NoAcctUriException->profile not $e directly
Mikael Nordfeldth [Wed, 17 Feb 2016 23:05:09 +0000 (00:05 +0100)]
Sort ToSelector by AcctUri
Mikael Nordfeldth [Wed, 17 Feb 2016 22:44:15 +0000 (23:44 +0100)]
Use ToSelector choice again.
Mikael Nordfeldth [Wed, 17 Feb 2016 22:32:56 +0000 (23:32 +0100)]
Show notice feed URLs (and author)
Mikael Nordfeldth [Wed, 17 Feb 2016 22:05:44 +0000 (23:05 +0100)]
To-selector padlock only shown if site config notice/allowprivate is true
Mikael Nordfeldth [Wed, 17 Feb 2016 21:58:31 +0000 (22:58 +0100)]
By default, disallow users to set private_stream
Mikael Nordfeldth [Wed, 17 Feb 2016 21:48:16 +0000 (22:48 +0100)]
Describe that we don't allow empty fullnames.
Mikael Nordfeldth [Wed, 17 Feb 2016 21:43:45 +0000 (22:43 +0100)]
If profile fullname is 0 chars use nickname
Mikael Nordfeldth [Wed, 17 Feb 2016 21:36:33 +0000 (22:36 +0100)]
Make the Link header give URI for WebFinger lookup
Mikael Nordfeldth [Wed, 17 Feb 2016 20:57:52 +0000 (21:57 +0100)]
Differentiate two similar log warning messages
Mikael Nordfeldth [Tue, 16 Feb 2016 01:24:38 +0000 (02:24 +0100)]
Gotta declare FullNoticeStream as abstract class
Mikael Nordfeldth [Tue, 16 Feb 2016 01:21:39 +0000 (02:21 +0100)]
FullNoticeStream selects all verbs.
Mikael Nordfeldth [Mon, 15 Feb 2016 08:59:34 +0000 (09:59 +0100)]
created column was ambigououuuouuus
Mikael Nordfeldth [Mon, 15 Feb 2016 08:59:18 +0000 (09:59 +0100)]
We only want POST and SHARE in the inbox/home timeline right?
Mikael Nordfeldth [Sun, 14 Feb 2016 19:53:26 +0000 (20:53 +0100)]
Show shares in public timeline
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.
(the => false stuff are for when you want ALL _except_ that)
Mikael Nordfeldth [Sun, 14 Feb 2016 19:46:13 +0000 (20:46 +0100)]
Use NoticeStream::filterVerbs for filtering in noticestreams
Mikael Nordfeldth [Sat, 13 Feb 2016 13:06:05 +0000 (14:06 +0100)]
Might as well put a FILTER_SANITIZE_EMAIL there
Not that I think we could break out of the directory since
we use basename, but you never know... maybe there's a unicode
bug in PHP or something.
Mikael Nordfeldth [Sat, 13 Feb 2016 12:57:15 +0000 (13:57 +0100)]
socialfy-your-domain updated for webfinger (not tested)
Mikael Nordfeldth [Sat, 13 Feb 2016 12:17:39 +0000 (13:17 +0100)]
Hide attachments in notices by silenced profiles
Mikael Nordfeldth [Sat, 13 Feb 2016 00:19:47 +0000 (01:19 +0100)]
listGet was not meant for that really
Mikael Nordfeldth [Sat, 13 Feb 2016 00:16:34 +0000 (01:16 +0100)]
Render RegiserThrottle extra profile data properly
Mikael Nordfeldth [Sat, 13 Feb 2016 00:10:01 +0000 (01:10 +0100)]
Don't depend on ModLog
Mikael Nordfeldth [Sat, 13 Feb 2016 00:02:18 +0000 (01:02 +0100)]
RegisterThrottle list-profiles-by-ip
Mikael Nordfeldth [Fri, 12 Feb 2016 23:51:43 +0000 (00:51 +0100)]
Show user registration IP to users who can see ModLog
Mikael Nordfeldth [Fri, 12 Feb 2016 14:00:18 +0000 (15:00 +0100)]
Only administrators can delete other privileged users.
Mikael Nordfeldth [Fri, 12 Feb 2016 13:47:49 +0000 (14:47 +0100)]
Profile->isPrivileged() to check if users have more rights than to post etc.
Mikael Nordfeldth [Fri, 12 Feb 2016 13:38:03 +0000 (14:38 +0100)]
Update the comment on silencing privileged users in ModHelper
Mikael Nordfeldth [Fri, 12 Feb 2016 13:22:25 +0000 (14:22 +0100)]
Silence action can only be used on non-priviliged users
Mikael Nordfeldth [Fri, 12 Feb 2016 12:52:48 +0000 (13:52 +0100)]
Add Profile::ensureCurrent() to verify we _certainly_ got a Profile.
Mikael Nordfeldth [Fri, 12 Feb 2016 01:29:33 +0000 (02:29 +0100)]
file and avatar dirs on instances with no such dirs in filesystem
Mikael Nordfeldth [Fri, 12 Feb 2016 01:21:11 +0000 (02:21 +0100)]
Fix Nickname::isSystemPath() work properly for routes
Mikael Nordfeldth [Fri, 12 Feb 2016 00:45:47 +0000 (01:45 +0100)]
Do not delete_orphan_files on an instance with Qvitter
Mikael Nordfeldth [Thu, 11 Feb 2016 23:05:36 +0000 (00:05 +0100)]
And LEFT JOIN to actually get all results
Mikael Nordfeldth [Thu, 11 Feb 2016 22:38:12 +0000 (23:38 +0100)]
...and avoid duplicate results...
Mikael Nordfeldth [Thu, 11 Feb 2016 21:54:29 +0000 (22:54 +0100)]
Aurhg, and get all the properties, not just id
Mikael Nordfeldth [Thu, 11 Feb 2016 21:49:45 +0000 (22:49 +0100)]
Haha, it essentially became a NOOP with the last commit
Mikael Nordfeldth [Thu, 11 Feb 2016 21:43:26 +0000 (22:43 +0100)]
Fixed the delete orphan script to include deleted notices
The file_to_post table sometimes had post_id with values that did not
exist in the notice table.
Mikael Nordfeldth [Thu, 11 Feb 2016 21:19:56 +0000 (22:19 +0100)]
Delete orphan files maintenance script
When deleting a profile it'll delete its notices and the coupling to
file entries, but not the file entries themselves (and thus not the
files). So if one to delete a person uploading offending images, then
the images are left behind and can be hotlinked. This will remove it.
Mikael Nordfeldth [Thu, 11 Feb 2016 20:18:44 +0000 (21:18 +0100)]
XMPP URI scheme for HTMLPurifier
Mikael Nordfeldth [Wed, 10 Feb 2016 23:04:14 +0000 (00:04 +0100)]
application/xml allowed in uploads
Mikael Nordfeldth [Wed, 10 Feb 2016 03:43:30 +0000 (04:43 +0100)]
Stricter exception check