git.mxchange.org Git - quix0rs-gnu-social.git/log
Roland Haeder [Fri, 27 Mar 2015 22:16:34 +0000 (23:16 +0100)]
Possible hack for tags from private dents in public profile or wrong scope (both privacy leak).
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 27 Mar 2015 22:00:21 +0000 (23:00 +0100)]
Profile::current() suits better here.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 27 Mar 2015 21:22:08 +0000 (22:22 +0100)]
Save some memory + added type-hint.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 27 Mar 2015 21:07:51 +0000 (22:07 +0100)]
Added debug lines, the first attempt didn't work and I have *no* development system now. :-(
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 27 Mar 2015 20:55:45 +0000 (21:55 +0100)]
Check scope, else a privacy leak happens this way:
1) Bob and Alice follow each other and write private notices
(this->scope=2) to each other.
2) Bob uses tags in his private notice to alice (which she can
read from him).
3) Alice adds that notice (with tags) to her favorites
("faving") it.
4) The tags from Bob's private notice become visible in Alice's
profile.
This has the simple background that the scope is not being
re-checked. This has to be done here at this point because given
above scenario is a privacy leak as the tags may be *really*
private (nobody else shall see them) such as intimate words or
very political words.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Tue, 10 Mar 2015 17:31:46 +0000 (18:31 +0100)]
Added checked type-hints
Signed-off-by: Roland Haeder <roland@mxchange.org>
Conflicts:
classes/Notice.php
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Mon, 9 Mar 2015 00:40:44 +0000 (01:40 +0100)]
'checked' must be false because else the browser won't send any location and it is better for privacy ... :-)
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Sun, 8 Mar 2015 23:55:35 +0000 (00:55 +0100)]
onArgsInitialize() wants an array and many plugins want to add more elements, so make it everywhere the same.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 6 Mar 2015 23:36:49 +0000 (00:36 +0100)]
rand() is weak on some OSes as it only produces random numbers from -32766 to
32766. So let's get rid of it all together and use mt_rand() (which produces
*way* larger numbers on *all* systems).
Signed-off-by: Roland Haeder <roland@mxchange.org>
Conflicts:
lib/noticeform.php
Signed-off-by: Roland Haeder <roland@mxchange.org>
aroquen [Thu, 5 Mar 2015 21:19:57 +0000 (22:19 +0100)]
Make attachment fit better in notice: drop text and link
Roland Haeder [Thu, 5 Mar 2015 18:18:38 +0000 (19:18 +0100)]
Added more checked type-hints
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Thu, 5 Mar 2015 17:43:57 +0000 (18:43 +0100)]
$related must contain class names, no table names ("all" lower-case) + fixed some checked type-hints.
Again, it must be User_flag_profile (class name), not user_flag_profile (table name).
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Sun, 15 Feb 2015 21:43:20 +0000 (22:43 +0100)]
Fixed more type-hints for safety.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Sat, 31 Jan 2015 16:48:04 +0000 (17:48 +0100)]
Type-hint 'Action' for onEndProfileSettingsActions()
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Wed, 28 Jan 2015 11:43:02 +0000 (12:43 +0100)]
Added @pztrn@sn.pztrn.name 's wonderful statistics plugin as GIT module and linked all relevant files.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Sun, 18 Jan 2015 07:20:32 +0000 (08:20 +0100)]
Added missing method TagSub::getProfile()
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Sun, 18 Jan 2015 07:02:49 +0000 (08:02 +0100)]
Added missing SearchSub::getProfile() method.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Sun, 18 Jan 2015 06:07:00 +0000 (07:07 +0100)]
Added fixup script to fix bad profile URLs:
https://social.mxchange.org/conversation/83342#notice-83342
"I have written a small fixup script that fixes invalid profile URLs: If the
group is a remote group but #profileurl shows to
https://your.instance.tld/group/groupname then the profileurl field must be
fixed. cc !gnusocial I will commit it very soon."
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Sun, 18 Jan 2015 05:57:05 +0000 (06:57 +0100)]
$sender cannot be only Profile ... (false found).
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Häder [Fri, 9 Jan 2015 08:08:55 +0000 (09:08 +0100)]
Maybe this message will be needed some day ...
Signed-off-by: Roland Häder <haeder@hmmdeutschland.de>
Roland Haeder [Thu, 18 Sep 2014 22:43:52 +0000 (00:43 +0200)]
Fixed:
-----------------------------
Argument 2 passed to Ostatus_profile::notifyDeferred() must be an
instance of Profile, instance of User given, called in
/var/www/htdocs/plugins/OStatus/lib/ostatusqueuehandler.php on line 156 and
defined (/var/www/htdocs/plugins/OStatus/classes/Ostatus_profile.php:363)
[ABORT]
-----------------------------
getProfile() must be called on this->user
Plus fixed/added some type-hints.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Tue, 16 Sep 2014 17:13:21 +0000 (19:13 +0200)]
Removed another too strict type-hint + added check if $args is no array. In this
case the below foreach() is unnecessary as the if() block in it will never
match.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Tue, 16 Sep 2014 17:07:39 +0000 (19:07 +0200)]
Added asserts + remove wrong type-hint (was no array).
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 12 Sep 2014 20:21:25 +0000 (22:21 +0200)]
Fixed ;-)
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 12 Sep 2014 19:58:27 +0000 (21:58 +0200)]
Improved type-hint for following methods:
- handle
- isReadOnly
- prepare
Signed-off-by: Roland Haeder <roland@mxchange.org>
darksider3 [Mon, 3 Mar 2014 16:02:52 +0000 (16:02 +0000)]
Adding htaccess.sample back*shame*
darksider3 [Mon, 3 Mar 2014 15:57:25 +0000 (15:57 +0000)]
oops, DB.txt O_o
darksider3 [Mon, 3 Mar 2014 15:08:22 +0000 (15:08 +0000)]
Add urlshortenerplugin2.php to solve some @todo's and adding exceptions
Roland Haeder [Fri, 12 Sep 2014 19:58:27 +0000 (21:58 +0200)]
Improved type-hint for following methods:
- handle
- isReadOnly
- prepare
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 12 Sep 2014 19:41:53 +0000 (21:41 +0200)]
Added some (good known) type-hints.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Fri, 12 Sep 2014 16:48:59 +0000 (18:48 +0200)]
Possible fix for https://bugz.foocorp.net/T41
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Wed, 10 Sep 2014 20:06:50 +0000 (22:06 +0200)]
No need for php interpreter again as this script is executable.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Wed, 10 Sep 2014 20:06:12 +0000 (22:06 +0200)]
Fixed CHMOD.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Sat, 23 Aug 2014 11:16:29 +0000 (13:16 +0200)]
Added additional check.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Mon, 18 Aug 2014 19:59:25 +0000 (21:59 +0200)]
Fixes for making Meteor working with HTTPS.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Mon, 18 Aug 2014 16:34:36 +0000 (18:34 +0200)]
Useful line for debugging added.
Signed-off-by: Roland Haeder <roland@mxchange.org>
Roland Haeder [Mon, 18 Aug 2014 07:39:27 +0000 (09:39 +0200)]
Check for valid database connection object.
Signed-off-by: Roland Haeder <roland@mxchange.org>
darksider3 [Mon, 3 Mar 2014 16:02:52 +0000 (16:02 +0000)]
Adding htaccess.sample back*shame*
Miguel Dantas [Wed, 14 Aug 2019 13:25:04 +0000 (14:25 +0100)]
[LinkPreview] Fix 'no candidate for action "embedproxy"'
tenma [Mon, 12 Aug 2019 03:53:43 +0000 (04:53 +0100)]
[CORE] Fix subscription-related functions from the Profile class
The undefined variable $private_stream, from the User class, was causing
undefined behavior from calling requiresSubscriptionApproval. The is_null
test was added to fix this problem.
Miguel Dantas [Mon, 12 Aug 2019 22:16:08 +0000 (23:16 +0100)]
[DOCUMENTATION][SYSADMIN][CONFIGURE] x-static-delivery was in the wrong section
Diogo Cordeiro [Mon, 12 Aug 2019 03:45:25 +0000 (04:45 +0100)]
[NodeInfo] New endpoint and formula for computing active users
Seriously improved documentation
Now NodeInfo 2.0 is available at /api/nodeinfo/2.0.json
For active users we now also consider favourites and recently created accounts
Some further minor bug fixes and full review of the implementation
Diogo Cordeiro [Sun, 11 Aug 2019 13:53:31 +0000 (14:53 +0100)]
[DOCUMENTATION] Late update of CHANGELOG and TODO list
Diogo Cordeiro [Sat, 10 Aug 2019 21:52:00 +0000 (22:52 +0100)]
[DOCUMENTATION][SYSADMIN][CONFIG][profile] Fix default of backup and restore options
Miguel Dantas [Thu, 8 Aug 2019 23:15:38 +0000 (00:15 +0100)]
[REFACTOR] Added explicit return type to all instances of QueueHandler::handle
Miguel Dantas [Wed, 7 Aug 2019 21:47:17 +0000 (22:47 +0100)]
[CORE][QUEUE] Error checking and type declaration on handling notice queue events
Patch submitted by XRevan86
Diogo Cordeiro [Tue, 6 Aug 2019 01:52:47 +0000 (02:52 +0100)]
[PEAR][DB] Import some new commits
Patch submitted by XRevan86
[DB/pgsql.php] Change pg_exec to pg_query
Encouraged by http://php.net/manual/en/function.pg-query.php and enables
improved monitoring by New Relic (https://newrelic.com)
[DB.php] changed count to empty for php7.2
[DB/common.php] change to array cast for php72
From: https://github.com/pear/DB/
Commits: 7d0ddaff, d04a42a5 and ea9fff4a, respectively
Diogo Cordeiro [Wed, 7 Aug 2019 00:31:09 +0000 (01:31 +0100)]
[EXTLIB][VALIDATE] Fix some types
Miguel Dantas [Sun, 4 Aug 2019 19:14:45 +0000 (20:14 +0100)]
[DOCUMENTATION] Added X-Sendfile/X-Accel-Redirect to the sample nginx and apache config files
Diogo Cordeiro [Wed, 7 Aug 2019 00:23:29 +0000 (01:23 +0100)]
[DOCUMENTATION] Add versioning information
Some other minor improvements and a bug fix in the boilerplate
Miguel Dantas [Wed, 7 Aug 2019 22:12:03 +0000 (23:12 +0100)]
[Embed] Fixed error related to oembed action
Diogo Cordeiro [Tue, 6 Aug 2019 00:43:42 +0000 (01:43 +0100)]
[DOCUMENTATION] Fix nginx location rule's regex for install and index
biodantas [Sat, 3 Aug 2019 20:04:14 +0000 (20:04 +0000)]
Merge branch 'master' of biodantas/gnu-social into master
Miguel Dantas [Sat, 3 Aug 2019 20:02:21 +0000 (21:02 +0100)]
[MEDIA] Fixed wrong image cropping
Miguel Dantas [Wed, 24 Jul 2019 07:51:45 +0000 (08:51 +0100)]
[MEDIA] Replaced internal image handling with intervention/image, which is capable of using both GD and ImageMagick
Miguel Dantas [Wed, 24 Jul 2019 06:31:42 +0000 (07:31 +0100)]
[CORE][COMPOSER] Added intervention/image
Diogo Cordeiro [Thu, 25 Jul 2019 00:29:20 +0000 (01:29 +0100)]
[CORE] Bump PHP requirement to PHP7.3+
Miguel Dantas [Tue, 23 Jul 2019 10:08:48 +0000 (11:08 +0100)]
[Embed] Fixed use of undefined variable in fixup_files script
Miguel Dantas [Tue, 23 Jul 2019 10:07:47 +0000 (11:07 +0100)]
[Embed] Resize thumbnails fetched by Embed to avoid keeping original images when we need only 128x128. Size configurable in config.php
Miguel Dantas [Mon, 15 Jul 2019 21:08:19 +0000 (22:08 +0100)]
[FORMAT][Embed] Ran php-cs-fixer on Embed's files and small style fixes
Diogo Cordeiro [Fri, 19 Jul 2019 08:55:39 +0000 (09:55 +0100)]
[DOCUMENTATION] Add a CHANGELOG that includes a TODO list to reach alpha in v2
Diogo Cordeiro [Mon, 15 Jul 2019 03:10:29 +0000 (04:10 +0100)]
[SCRIPTS] Make them work in v2 by setting PUBLICDIR
Miguel Dantas [Sat, 13 Jul 2019 23:05:01 +0000 (00:05 +0100)]
[Embed] Updated fixup_files.php script to be able to fix broken oEmbedinfo using the --broken-oembed flag
Miguel Dantas [Sat, 13 Jul 2019 01:56:47 +0000 (02:56 +0100)]
[Embed] Hide error from the UI and just don't display an image if the remote image is not valid
Miguel Dantas [Sun, 14 Jul 2019 23:03:56 +0000 (00:03 +0100)]
[Embed] Fix bug where we were losing track of a file, in case the image needed to be reencoded
Miguel Dantas [Fri, 12 Jul 2019 21:55:01 +0000 (22:55 +0100)]
[Embed] Fixed Embed tests
Miguel Dantas [Sun, 14 Jul 2019 22:56:31 +0000 (23:56 +0100)]
[Embed] Fixed bug where sometimes images were written outside the site root
Miguel Dantas [Fri, 12 Jul 2019 02:13:40 +0000 (03:13 +0100)]
[Embed] Removed old oEmbed and OpenGraph implementation
Miguel Dantas [Sun, 14 Jul 2019 22:35:11 +0000 (23:35 +0100)]
[Embed] Refactoring and bug fixing
Miguel Dantas [Sun, 7 Jul 2019 12:26:10 +0000 (13:26 +0100)]
[Embed] Using oscarotero/Embed as first attempt to get oEmbed/OpenGraph data, fallback
to previous implementation otherwise.
Miguel Dantas [Sat, 6 Jul 2019 16:26:15 +0000 (17:26 +0100)]
[PLUGINS] Fixed oEmbed dependents to use Embed
Miguel Dantas [Sat, 6 Jul 2019 15:52:30 +0000 (16:52 +0100)]
[Embed][DB] Renaming the 'file_oembed' table to 'file_embed' on upgrade
Miguel Dantas [Sat, 6 Jul 2019 03:31:02 +0000 (04:31 +0100)]
[OEmbed][Embed] Renamed OEmbed plugin to Embed
Miguel Dantas [Mon, 15 Jul 2019 00:41:55 +0000 (01:41 +0100)]
[COMPOSER] Added embed/embed
Diogo Cordeiro [Mon, 15 Jul 2019 00:29:39 +0000 (01:29 +0100)]
[DOCUMENTATION] New socialfy solution
Diogo Cordeiro [Sun, 14 Jul 2019 20:02:38 +0000 (21:02 +0100)]
[CORE] Avatars are in PUBLICDIR in v2
Fixed a bug in the Installer
Diogo Cordeiro [Mon, 15 Jul 2019 00:40:31 +0000 (01:40 +0100)]
[INSTALL] Minor reformatting and modernization. Shouldn't change functionality significantly.
Diogo Cordeiro [Mon, 15 Jul 2019 00:40:09 +0000 (01:40 +0100)]
[CORE] Fixed some small issues with PEAR
Diogo Cordeiro [Fri, 12 Jul 2019 17:51:27 +0000 (18:51 +0100)]
[CORE][COMPOSER] Ensure we are compatible with PHP 7.0.0
Diogo Cordeiro [Fri, 12 Jul 2019 15:31:14 +0000 (16:31 +0100)]
[CORE] Make tests great again
Diogo Cordeiro [Wed, 10 Jul 2019 18:36:30 +0000 (19:36 +0100)]
[DOCUMENTATION] Update description of extlib and vendor directories
Diogo Cordeiro [Tue, 25 Jun 2019 09:35:31 +0000 (10:35 +0100)]
[CORE][COMPOSER] Add hoa/consistency
Renamed curry to callable_left_curry
Diogo Cordeiro [Mon, 24 Jun 2019 16:45:19 +0000 (17:45 +0100)]
[CORE] Downgrade phpseclib to a working state
Daniel Supernault [Sun, 23 Jun 2019 16:59:20 +0000 (17:59 +0100)]
[DEVTOOL] Add a robust and modern REPL
Daniel Supernault [Sat, 22 Jun 2019 21:04:49 +0000 (22:04 +0100)]
[CORE] Add custom favicon configuration support
Adds support for custom favicons defined in config.php that override theme favicons.
Daniel Supernault [Mon, 19 Mar 2018 03:21:03 +0000 (21:21 -0600)]
[CORE] Remove function_exists() calls and add up default bcrypt cost to 12.
Daniel Supernault [Mon, 12 Mar 2018 02:39:47 +0000 (20:39 -0600)]
[CORE] Add Argon2I support
Add Argon2I support, disabled by default.
Daniel Supernault [Mon, 12 Mar 2018 01:28:24 +0000 (19:28 -0600)]
[CORE] Update AuthCryptPlugin
Added password_hash() (bcrypt) support with fallback to crypt() for older PHP versions.
Daniel Supernault [Mon, 12 Mar 2018 00:55:59 +0000 (18:55 -0600)]
[CORE] Add timing safe backwards compatible password_verify
Diogo Cordeiro [Sat, 21 Jul 2018 05:00:18 +0000 (23:00 -0600)]
[CORE] Move public resources to a /public directory
Advantages:
* Increases security by preventing direct access to file/
* We are careful and have a defined('GNUSOCIAL') || die() to prevent
direct access to GS files, but we may miss one or a vendor/extlib may
not be as careful
* Improves directory structure - It's more natural to physically
separate what is public from what are GNU social resources
Diogo Cordeiro [Sun, 23 Jun 2019 17:19:31 +0000 (18:19 +0100)]
[CORE] Remove PEAR Command as it is not used
Diogo Cordeiro [Sun, 23 Jun 2019 16:36:15 +0000 (17:36 +0100)]
[FORMAT] Run php-cs-fixer in php-gettext
Diogo Cordeiro [Sat, 22 Jun 2019 21:23:21 +0000 (22:23 +0100)]
[CORE][COMPOSER] Move plugins extlibs to composer (where appropriate)
Diogo Cordeiro [Mon, 12 Mar 2018 03:23:55 +0000 (21:23 -0600)]
[CORE][COMPOSER] Move extlib packages with immediate composer correspondent to composer dependencies
This adds a composer.json for all dependencies that are available
brunoccast [Tue, 30 Jul 2019 01:18:52 +0000 (02:18 +0100)]
[CORE] Fix notice delete-form
DeletenoticeAction:
- Added tombstone check before deletion
NoticeListItem:
- Added tombstone check before showing delete-form
ActivityVerb:
- The plugin was overwriting the deletenotice route. Added stronger
regexp to the connected routes.
Diogo Cordeiro [Wed, 24 Jul 2019 23:43:25 +0000 (00:43 +0100)]
[CORE] Bump Database requirement to MariaDB 10.3+
Diogo Cordeiro [Tue, 23 Jul 2019 21:23:54 +0000 (22:23 +0100)]
[Media] Fix undefined variable box in imagefile.php
Miguel Dantas [Tue, 23 Jul 2019 10:48:41 +0000 (11:48 +0100)]
[StoreRemoteMedia] Added documentation for feature which limits the maximum filesize which is kept locally
Miguel Dantas [Tue, 23 Jul 2019 10:47:36 +0000 (11:47 +0100)]
[ROUTES] Fixed attachment routes, broken by changes in fa378462f4
brunoccast [Thu, 11 Jul 2019 18:14:03 +0000 (19:14 +0100)]
[ROUTES] Allow accept-header specification during router creation
Router:
- Fix calls to connect, most of them were misusing the function's params
URLMapper:
- Minor fixes
- Documentation
- Add support for accept-header specification
Plugins/*:
- Fix calls to connect