Brion Vibber [Thu, 18 Mar 2010 16:22:08 +0000 (09:22 -0700)]
Ensure that DB connection is active at start of User::updateKeys() and Foreign_user::updateKeys(); calls to $this->_quote() require a live connection object and don't lazy-initialize themselves.
May fix WSOD when changing incoming email address.
Brion Vibber [Thu, 18 Mar 2010 00:35:27 +0000 (17:35 -0700)]
Ticket #2244: fix to interpretation of escaped HTML and plaintext Atom content on incoming OStatus messages.
We were double-unescaping for <content type="html">, turning <b> escaped chars into literal tags (which then may get removed entirely by the HTML scrubber).
Brion Vibber [Wed, 17 Mar 2010 21:16:43 +0000 (14:16 -0700)]
Tweak to OStatus long message cropping: use original source notice URL for the link in the text version, don't shorten the link for the HTML so we can append params to it in JS.
Brion Vibber [Wed, 17 Mar 2010 19:34:35 +0000 (12:34 -0700)]
When too-long messages come in via OStatus, mark the attachment link up as a "more" link in the HTML output, marked with class="attachment more" so JS code can fold it out smartly. Text output will still include the raw link.
Brion Vibber [Wed, 17 Mar 2010 17:52:11 +0000 (10:52 -0700)]
Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form.
Brion Vibber [Wed, 17 Mar 2010 17:52:11 +0000 (10:52 -0700)]
Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form.
Brion Vibber [Tue, 16 Mar 2010 23:23:19 +0000 (16:23 -0700)]
Pull back for now on switch of PEAR error mode to exceptions; seems to trigger out exceptions at various times we don't want them.
For instance this was throwing an exception for DB_DataObject::staticGet when there's no match... definitely not what we want when all our code expects to get a nice null.
Example of this causing trouble: http://gitorious.org/statusnet/mainline/merge_requests/131
Revert "Don't attempt to retrieve the current user from the DB while processing a DB error"
Brion Vibber [Tue, 16 Mar 2010 23:23:19 +0000 (16:23 -0700)]
Pull back for now on switch of PEAR error mode to exceptions; seems to trigger out exceptions at various times we don't want them.
For instance this was throwing an exception for DB_DataObject::staticGet when there's no match... definitely not what we want when all our code expects to get a nice null.
Example of this causing trouble: http://gitorious.org/statusnet/mainline/merge_requests/131
Revert "Don't attempt to retrieve the current user from the DB while processing a DB error"
Sarven Capadisli [Tue, 16 Mar 2010 19:53:49 +0000 (20:53 +0100)]
Added extra condition to focusing on notice form on page load. If the
window location contains a fragument identifier, it will skip focus
and do what the UA does natively.
Jeffery To [Tue, 9 Mar 2010 02:20:48 +0000 (10:20 +0800)]
Fixed "Warning: syslog() expects parameter 1 to be long, string given"
With the FirePHP plugin enabled, I get these warnings in the output
page. This is because the StartLog handler inadvertly modifies the
original (number) priority with the corresponding (string) FirePHP
priority.
Jeffery To [Tue, 16 Mar 2010 09:31:05 +0000 (17:31 +0800)]
Fixed IE7 prompting the user to download OpenSearch description xml after login (for a private site)
Flow:
1. Browser (IE7) is redirected to the login page.
2. Browser reads the page, sees OpenSearch descriptions, tries to
download them. Each request gets recorded by SN as the page the user
should be redirected to after logging in (returnto).
3. User logs in, then gets redirected to the returnto action, which is
an OpenSearch description.
The OpenSearch descriptions aren't sensitive so making them public in a
private site should be okay.
Brion Vibber [Mon, 15 Mar 2010 22:08:16 +0000 (15:08 -0700)]
Background deletion of user accounts. Notices are deleted in chunks, then the user itself when they're all gone.
While deletion is in progress, the account is locked with the 'deleted' role, which disables all actions with rights control.
Todo:
* Pretty up the notice on the profile page about the pending delete. Show status?
* Possibly more thorough account disabling, such as disallowing all use for login and access.
* Improve error recovery; worst case is that an account gets left locked in 'deleted' state but the queue jobs have gotten dropped out. This would leave the username in use and any undeleted notices in place.
Brion Vibber [Mon, 15 Mar 2010 22:41:57 +0000 (15:41 -0700)]
Drop result ID from data objects on clone(). This keeps the original object working if it was in the middle of a query loop, even if the cloned object falls out of scope and triggers its destructor.
This bug was hitting a number of places where we had the pattern:
$db->find();
while($dbo->fetch()) {
$x = clone($dbo);
// do anything with $x other than storing it in an array
}
The cloned object's destructor would trigger on the second run through the loop, freeing the database result set -- not really what we wanted.
(Loops that stored the clones into an array were fine, since the clones stay in scope in the array longer than the original does.)
Detaching the database result from the clone lets us work with its data without interfering with the rest of the query.
In the unlikely even that somebody is making clones in the middle of a query, then trying to continue the query with the clone instead of the original object, well they're gonna be broken now.
Brion Vibber [Mon, 15 Mar 2010 20:26:42 +0000 (20:26 +0000)]
Fix feed discovery: html:link@rel can contain multiple values; saw rel="updates alternate" in the wild at http://tantek.com/ which broke old discovery code.
Brion Vibber [Mon, 15 Mar 2010 18:38:37 +0000 (11:38 -0700)]
Consolidate and patch up redirection to remote notices.
Now using the correct order consistently (URL, then URI if http/s), and as a niceness measure skipping the redirect if the only URL we have stored is the local one. (Could happen if remote OStatus feed has tag URIs and no alt link.)
Brion Vibber [Mon, 15 Mar 2010 16:42:25 +0000 (09:42 -0700)]
Add scripts/docgen.php to build basic doxygen HTML docs from doc comments, either for core or a given plugin.
Nothing too fancy yet; style and layout needs some loving!
Brion Vibber [Fri, 12 Mar 2010 19:19:56 +0000 (11:19 -0800)]
Fixes for updating indices, charset/collation and engine type on plugin-created tables.
Under MySQL, new tables will be created as InnoDB with UTF-8 (utf8/utf8_bin) same as core tables.
Existing plugin tables will have table engine and default charset/collation updated, and string columns will have charset updated, at checkschema time.
Switched from 'DESCRIBE' to INFORMATION_SCHEMA for pulling column information in order to get charset. A second hit to INFORMATION_SCHEMA is also needed to get table properties.
Indices were only being created at table creation time, which ain't so hot. Now also adding/dropping indices when they change.
Fixed up some schema defs in OStatus plugin that were a bit flaky, causing extra alter tables to be run.
TODO: Generalize this infrastructure a bit more up to base schema & pg schema classes.
Brion Vibber [Fri, 12 Mar 2010 02:10:41 +0000 (18:10 -0800)]
Don't switch people from the Memcache to Memcached plugin without their knowledge when using back-compatibility $config['memcached']['enabled']. Performance characteristics for Memcached version on large-scale sites not tested yet.
New installations should be using addPlugin explicitly.
Brion Vibber [Fri, 12 Mar 2010 02:01:50 +0000 (18:01 -0800)]
Fixes for password recovery; lookups for unconfirmed addresses were failing or inconsistent (using staticGet with unindexed fields, which would not get decached correctly and could get confused if multiple pending confirmations of different types are around).
Also uses updated email functions to include extra headers and ensure the proper address is used.
Craig Andrews [Fri, 12 Mar 2010 01:12:32 +0000 (20:12 -0500)]
move image type checking to constructor, so checking will be done in all cases
check if the relevant image handling function exists when deciding if the image type is supported
Sarven Capadisli [Thu, 11 Mar 2010 22:16:37 +0000 (17:16 -0500)]
foaf:holdsAccount is deprecated in favour of foaf:account. See
http://lists.foaf-project.org/pipermail/foaf-dev/2009-December/009903.html
for the news. Patch by Toby Inkster <mail@tobyinkster.co.uk>.
Brion Vibber [Thu, 11 Mar 2010 19:01:01 +0000 (11:01 -0800)]
Drop timestamp cutoff parameter from User::getCurrentNotice() and Profile::getCurrentNotice().
It's not currently used, and won't be efficient when we update the notice.profile_id_idx index to optimize for our id-based sorting when pulling user post lists for profile pages, feeds etc.