Brion Vibber [Thu, 14 Oct 2010 23:47:56 +0000 (16:47 -0700)]
Fix for ticket #2828, part II: apostrophe in site name set in installer created a broken config.php.
The previous commit fixed the base installer to properly quote its strings when creating config.php... but you'd actually end up with double-escaping if you had magic_quotes_gpc on. Magic quotes are evil and lame, but we gotta deal with em. :P Updated the web installer code to check for magic quotes, and to grab its variables consistently through the same interface.
Brion Vibber [Tue, 12 Oct 2010 23:29:13 +0000 (16:29 -0700)]
Improve cache-friendliness of user_group->delete().
Doesn't clear all possible cached entries, but this should get the ones that matter most: lookups by id, nickname, and alias. This should ensure that if a group name gets reused as a new group or alias, it should work properly.
There are some user-visible areas that aren't clear such as the 'top groups' lists on the GroupsAction sidebar; if a deleted group appears in those lists it'll go away within an hour when the cached query expires.
Brion Vibber [Tue, 12 Oct 2010 20:00:03 +0000 (13:00 -0700)]
Followup to IIS installer tweaks in [9bb48c36]:
* skip 0-byte config files when initializing, go ahead and redirect to installer if no non-0-byte files
* tweak warning on installer.php to let you know if you have a 0-byte config.php that's not writable, as opposed to generally already having a config.php with data in it
Brion Vibber [Tue, 12 Oct 2010 19:33:57 +0000 (12:33 -0700)]
Initial version of ModHelper plugin, with basic functionality but the UI stripped out until it's easier to get it done.
* users need to have 'modhelper' role manually added via userrole.php for now
* modhelper users can sandbox/unsandbox and silence/unsilence any user
** note that no new logging has been added for these moderator actions
* no user deletion for modhelpers
* probably no UserFlags special views for modhelpers
Brion Vibber [Mon, 11 Oct 2010 19:52:32 +0000 (12:52 -0700)]
Ticket #2811 use more consistent max limit for OAuth application registration descriptions; now using the field max of 255 rather than $config['site']['textlimit'] as fallback if $config['application']['desclimit'] is unset or out of bounds.
Brion Vibber [Fri, 8 Oct 2010 17:33:43 +0000 (10:33 -0700)]
Fix PHP fatal error in DeletenoticeAction: died when we had a valid notice, but weren't logged in due to accessing $this->user before the login check. Moved check up to prepare() from handle() so it's done before usage
Brion Vibber [Thu, 7 Oct 2010 19:32:10 +0000 (12:32 -0700)]
Workaround for regression in input validation due to more PCRE oddities. Recommend redoing common_validate_utf8() using something more reliable, perhaps. :P
Brion Vibber [Thu, 7 Oct 2010 19:03:33 +0000 (12:03 -0700)]
Pull up the guts of my fixed bit.ly plugin from an old work branch (that had made other changes we weren't happy with in the plugin management). Now works if given a global API key.
Brion Vibber [Thu, 7 Oct 2010 18:26:07 +0000 (11:26 -0700)]
OStatus fixup-shadow.php: add check for user_group entries with 'uri' entry shadowing an actual local_group -- this can cause trouble now that we sometimes actually use the uri field for lookups, and leaving the entries around would break updating the table to fill out formerly missing uris, since the unique index entry would already be taken by the bad entry.
Zach Copley [Tue, 5 Oct 2010 01:21:50 +0000 (01:21 +0000)]
Strip out the special 'p' paramter added by index.php from
$_SERVER['QUERY_STRING'] before doing OAuth requests. Required by the
latest version of the OAuth lib.
Brion Vibber [Wed, 6 Oct 2010 20:00:30 +0000 (13:00 -0700)]
Basic validation of UTF-8 input via GET/POST vars: invalid UTF-8 sequences will cause the string to drop. Not necessarily super-thorough; should be improved in future to drop individual bad sequences, do normalization of combining forms, etc. General input validation (for ints, types of strings, etc) still would be good to have!
Brion Vibber [Mon, 4 Oct 2010 22:13:27 +0000 (15:13 -0700)]
scripts/fixup_group_uri.php to fill in empty user_group.uri entries; needed before changing domain names on sites that are hosting groups for remote users