]> git.mxchange.org Git - quix0rs-gnu-social.git/log
quix0rs-gnu-social.git
13 years agoPrevent group creation by silenced users.
Brion Vibber [Tue, 28 Dec 2010 19:34:02 +0000 (11:34 -0800)]
Prevent group creation by silenced users.

* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.

13 years ago*cough* don't commit the code that breaks your code that you used to test the debug...
Brion Vibber [Mon, 20 Dec 2010 21:06:58 +0000 (13:06 -0800)]
*cough* don't commit the code that breaks your code that you used to test the debug code :D

13 years agoSlightly fancier debug code for PuSH hmac mismatches -- save the post to a temp file...
Brion Vibber [Mon, 20 Dec 2010 21:05:17 +0000 (13:05 -0800)]
Slightly fancier debug code for PuSH hmac mismatches -- save the post to a temp file if feedsub/debug is on in config.

13 years agoLogging helper for bogus hmacs on PuSH in -- record the url & hub with the err msg...
Brion Vibber [Mon, 20 Dec 2010 18:46:23 +0000 (10:46 -0800)]
Logging helper for bogus hmacs on PuSH in -- record the url & hub with the err msg to help tell what broke

13 years agoTwitterBridge: partial merge of id_str usage from 0.9.x for improved 32-bit and pre...
Brion Vibber [Mon, 13 Dec 2010 20:12:22 +0000 (12:12 -0800)]
TwitterBridge: partial merge of id_str usage from 0.9.x for improved 32-bit and pre-5.2.10 compatibility. (on 64-bit in 5.2.6 we can pull the integer IDs, but silently lose some precision on the end.)

Fixes for Twitter bridge breakage on 32-bit servers. New "Snowflake" 64-bit IDs have become too big to fit in the integer portion of double-precision floats, so to reliably use these IDs we need to pull the new string form now.
Machines with 64-bit PHP installation should have had no problems (except on Windows, where integers are still 32 bits)

Conflicts:

plugins/TwitterBridge/twitterimport.php <- as this hasn't been broken out, the import code is NOT FULLY UPDATED HERE.

13 years agoWorkaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.
Brion Vibber [Fri, 10 Dec 2010 22:08:36 +0000 (22:08 +0000)]
Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.

Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
Registering a shutdown function lets us explicitly close out the session before everything gets torn down.

13 years agoextlibs updates: PEAR::Mail to 1.2.0, PEAR::Net_SMTP to 1.4.2 (need to go together...
Brion Vibber [Mon, 3 May 2010 23:49:59 +0000 (16:49 -0700)]
extlibs updates: PEAR::Mail to 1.2.0, PEAR::Net_SMTP to 1.4.2 (need to go together as a pair)

PEAR::Mail updated to 1.2.0 from 1.1.4, fixes deprecation warnings on PHP 5.3, as well as:
1.2.0:
• QA release - stable.
• Updated minimum dependencies (Net_SMTP, PEAR, PHP)
• Doc Bug #15620 Licence change to BSD
• Bug #13659 Mail parse error in special condition
• Bug #16200 - Security hole allow to read/write Arbitrary File
_hasUnclosedQuotes() doesn't properly handle a double slash before an end quote (slusarz@curecanti.org, Bug #9137).
• Make sure Net_SMTP is defined when calling getSMTPObject() directly (slusarz@curecanti.org, Bug #13772).
• Add addServiceExtensionParameter() to the SMTP driver (slusarz@curecanti.org, Bug #13764).
• Add a method to obtain the Net_SMTP object from the SMTP driver (slusarz@curecanti.org, Bug #13766).

PEAR::Net_SMTP updated to 1.4.2 from 1.3.1, needed to support updated PEAR::Mail:
1.4.2:
• Fixing header string quoting in data(). (Bug #17199)
1.4.1:
• The auth() method now includes an optional $tls parameter that determines whether or not TLS should be attempted (if supported by the PHP runtime and the remote SMTP server). This parameter defaults to true. (Bug #16349)
• Header data can be specified separately from message body data by passing it as the optional second parameter to ``data()``. This is especially useful when an open file resource is being used to supply message data because it allows header fields (like *Subject:*) to be built dynamically at runtime. (Request #17012)
1.4.0:
• The data() method now accepts either a string or a file resource containing the message data. (Request #16962)
1.3.4:
• All Net_Socket write failures are now recognized. (Bug #16831)
1.3.3:
• Added getGreeting(), for retrieving the server's greeting string. (Request #16066) [needed for PEAR::Mail]
• We no longer attempt a TLS connection if we're already using a secure socket. (Bug #16254)
• You can now specify a debug output handler via setDebug(). (Request #16420)
1.3.2:
• TLS connection only gets started if no AUTH methods are sent. (Bug #14944)

13 years agoTweak to PiwikAnalytics plugin to help browsers to pre-load piwik.js, may shave a...
Brion Vibber [Thu, 9 Dec 2010 01:39:04 +0000 (17:39 -0800)]
Tweak to PiwikAnalytics plugin to help browsers to pre-load piwik.js, may shave a little off load time.

Piwik's current default recommended JS for loading creates a <script> tag via document.write(). In addition to being generally evil, this means the browser doesn't know it's going to need piwik.js until that chunk of script gets executed... which can't happen until all scripts referenced *before* it have been loaded and executed.

The only reason for that bit of script though seems to be to pick 'http' or 'https' depending on the current page's scheme. This can be done more simply by using a protocol-relative link (eg "//piwik.status.net/piwik.js"), which the browser will resolve as appropriate. Since it's now sitting in the <script> tag, the browser's lookahead code will now see it and be able to start loading it while earlier things are parsing/executing.
May be better still to move to an asynchronous load after DOM-ready, but I'm not sure if that'll screw with the analytics code (eg, not being able to start things on the DOM-ready events since they're past).

13 years agoMapstraction plugin: use minified sources for OpenLayers
Brion Vibber [Wed, 8 Dec 2010 22:54:02 +0000 (14:54 -0800)]
Mapstraction plugin: use minified sources for OpenLayers

The default full build of OpenLayers.js is 943kb as of 2.10; this gzips down to a couple hundred kb
but is still rather nasty, plus loading it off a remote host could slow things down.

Using a local copy let us cut down the size significantly by discarding unused features, and further
minification with yui-compressor shaves a bit more off. Cuts down to about 1/5 the size of the
original.

Also threw in a bundled & minified copy of the Mapstraction classes plus our usermap.js,
which covers the common case of using the default OpenLayers provider. This cuts out three
additional script loads, two of which weren't getting launched until after the mxn.js main
file got loaded.

13 years agoCreate a bundled & minified JS file for Mapstraction's common case (using OpenLayers...
Brion Vibber [Wed, 8 Dec 2010 22:52:26 +0000 (14:52 -0800)]
Create a bundled & minified JS file for Mapstraction's common case (using OpenLayers); this'll avoid waiting on additional script loads for mxn.core.js and mxn.openlayers.core.js, and removes the need to load usermap.js separately as well.

13 years agoAdd stripped and minified local copy of OpenLayers 2.10, about 1/5 the size of the...
Brion Vibber [Wed, 8 Dec 2010 21:52:35 +0000 (13:52 -0800)]
Add stripped and minified local copy of OpenLayers 2.10, about 1/5 the size of the full version.

Included Makefile will recreate the OpenLayers.js using the statusnet.cfg strip configuration file
and yui-compressor to do some extra minification at the end. Requires fetching the OpenLayers
source download and dropping it in:

http://openlayers.org/download/OpenLayers-2.10.tar.gz

13 years agoMerge branch 'master' of gitorious.org:statusnet/mainline
Brion Vibber [Tue, 7 Dec 2010 20:13:50 +0000 (12:13 -0800)]
Merge branch 'master' of gitorious.org:statusnet/mainline

13 years agoQuick hack to discard twitter broadcast queue items on failure *IF* config option...
Brion Vibber [Tue, 7 Dec 2010 20:11:37 +0000 (12:11 -0800)]
Quick hack to discard twitter broadcast queue items on failure *IF* config option 'twitter' 'ignore_errors' is on:

$config['twitter']['ignore_errors'] = true;

A longer-term solution is to patch up the indirect retry handling to count retries better, or delay for later retry sensibly.

13 years agoMerge branch 'master' of gitorious.org:statusnet/mainline
Evan Prodromou [Mon, 6 Dec 2010 22:21:38 +0000 (17:21 -0500)]
Merge branch 'master' of gitorious.org:statusnet/mainline

13 years agoConfig flag to disable router caching if needed
Evan Prodromou [Mon, 6 Dec 2010 22:19:41 +0000 (17:19 -0500)]
Config flag to disable router caching if needed

13 years agouse Cache::codeKey() in Router class
Evan Prodromou [Mon, 6 Dec 2010 22:08:52 +0000 (17:08 -0500)]
use Cache::codeKey() in Router class

13 years agoMake code-dependent cache entries more volatile
Evan Prodromou [Mon, 6 Dec 2010 22:05:32 +0000 (17:05 -0500)]
Make code-dependent cache entries more volatile

If a cache entry is dependent on the code that's running, upgrading
(or enabling/disabling plugins) can generate hard-to-track
inconsistencies.

This change adds a close-to-unique fingerprint of the running code to
some cache keys, so that if the fingerprint changes, the old values
are ignored and new values are used.

If the automated uniqueness fails, an administrator can add an extra
config value, $config['site']['build'], that's thrown into the key also.

13 years agoAdded User::singleUserNickname() as (temporary?) fallback for single-user lookup...
Brion Vibber [Mon, 6 Dec 2010 20:39:09 +0000 (12:39 -0800)]
Added User::singleUserNickname() as (temporary?) fallback for single-user lookup as a workaround for site setup of 1user sites. We found that an external tool attempting to spin up StatusNet and then register the user would fail because StatusNet's router setup dies on being unable to find its single-user account, since the nickname is needed in setting up routing entries. This tweak will let it survive, using the configured setting as a fallback if it can't actually find the user account.

13 years agoFlush router cache when saving Twitter admin settings: adding/removing keys can enabl...
Brion Vibber [Tue, 30 Nov 2010 20:46:33 +0000 (12:46 -0800)]
Flush router cache when saving Twitter admin settings: adding/removing keys can enable/disable some actions. This avoids having users' Twitter settings unreachable after adding your keys to an installation with TwitterBridge on but not pre-configured.

13 years agoBitlyPlugin: fix for shortening URLs containing ampersand (&)
Brion Vibber [Tue, 30 Nov 2010 20:40:23 +0000 (12:40 -0800)]
BitlyPlugin: fix for shortening URLs containing ampersand (&)

13 years agowas using Cache::get() and ::set() wrong
Evan Prodromou [Tue, 30 Nov 2010 19:44:16 +0000 (14:44 -0500)]
was using Cache::get() and ::set() wrong

13 years agoa quick script to flush the router from cache if needed
Evan Prodromou [Tue, 30 Nov 2010 15:27:32 +0000 (10:27 -0500)]
a quick script to flush the router from cache if needed

13 years agouse a CRC32 of the plugin names rather than actual names
Evan Prodromou [Tue, 30 Nov 2010 15:11:39 +0000 (10:11 -0500)]
use a CRC32 of the plugin names rather than actual names

13 years agoSquashed commit of the following:
Evan Prodromou [Tue, 30 Nov 2010 14:57:02 +0000 (09:57 -0500)]
Squashed commit of the following:

commit 39fdd181d95d2c39a3ea1ca330b10a99a92b961f
Author: Evan Prodromou <evan@status.net>
Date:   Mon Nov 29 10:37:49 2010 -0500

    use cache key prefix for router cache key

commit 4cb9e56941922489b83d6425c059cf770991e68f
Author: Evan Prodromou <evan@status.net>
Date:   Mon Nov 29 10:31:21 2010 -0500

    use a unique hashkey based on the software version and loaded plugins

commit 44458b48aef719543e11f83b41fded65cbcb8be9
Author: Evan Prodromou <evan@status.net>
Date:   Sat Nov 27 17:04:15 2010 -0500

    cache the NUM object

commit 809c188307a9b4ada15f3d7fa573a6034341efef
Author: Evan Prodromou <evan@status.net>
Date:   Sat Nov 27 15:44:12 2010 -0500

    accelerate routing by pivoting paths on actions

14 years agoRevert "Ticket #2796: don't allow arbitrary overriding of the 'action' class and...
Evan Prodromou [Fri, 26 Nov 2010 16:18:41 +0000 (11:18 -0500)]
Revert "Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper."

This reverts commit 4193a826d3500c1c8771e2a55ca197011fe637c8.

14 years agoUpdate doc comment for Awesomeness plugin
Brion Vibber [Mon, 22 Nov 2010 20:39:38 +0000 (12:39 -0800)]
Update doc comment for Awesomeness plugin

14 years agoTweak regex in Awesomeness plugin
Brion Vibber [Mon, 22 Nov 2010 20:38:47 +0000 (12:38 -0800)]
Tweak regex in Awesomeness plugin

14 years agoMerge commit 'refs/merge-requests/2224' of git://gitorious.org/statusnet/mainline...
Brion Vibber [Mon, 22 Nov 2010 20:31:24 +0000 (12:31 -0800)]
Merge commit 'refs/merge-requests/2224' of git://gitorious.org/statusnet/mainline into int

14 years agoFixes for delete_status_network.sh:
Brion Vibber [Mon, 22 Nov 2010 19:10:10 +0000 (11:10 -0800)]
Fixes for delete_status_network.sh:
* add some sanity checking: abort on failures instead of plodding through
* add some progress / error output
* fetch the target database server name from the status_network entry and use that to target the DROP DATABASE

Note that database names and other overrides in status_network entry may still not be seen.

14 years agoAdded Awesomeness extension
Jeroen De Dauw [Sat, 20 Nov 2010 14:14:12 +0000 (15:14 +0100)]
Added Awesomeness extension

14 years agoFix ticket #2700: some numeric IDs were misinterpreted as hex numbers instead of...
Brion Vibber [Sat, 20 Nov 2010 00:12:28 +0000 (16:12 -0800)]
Fix ticket #2700: some numeric IDs were misinterpreted as hex numbers instead of strings when '0x123' passed in.

Switched from is_numeric() to a custom self::is_decimal() which is more strict.
This makes our behavior match Twitter's API a bit better, so eg this:

  http://identi.ca/api/statuses/home_timeline/0x6d686b.xml

should now be equivalent to:

  http://identi.ca/api/statuses/home_timeline.xml?screen_name=0x6d686b

instead of:

  http://identi.ca/api/statuses/home_timeline.xml?user_id=7170155

14 years agoTicket #2724: gracefully handle attempts to delete or fave/unfave a remote Twitter...
Brion Vibber [Fri, 19 Nov 2010 23:51:08 +0000 (15:51 -0800)]
Ticket #2724: gracefully handle attempts to delete or fave/unfave a remote Twitter notice if a failure occurs.

Most annoying error case being where the notice was already faved or deleted on Twitter! :)
Such errors will now just fail out and log a note to the syslog -- the rest of what we were doing will continue on unhindered, so you can still delete, favorite, etc and it just won't sync the info over in that case.

14 years agoTicket #2796: don't allow arbitrary overriding of the 'action' class and other parame...
Brion Vibber [Fri, 19 Nov 2010 23:30:52 +0000 (15:30 -0800)]
Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper.

This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.

14 years agoTicket #1987: support since_id on API notice search methods.
Brion Vibber [Fri, 19 Nov 2010 22:00:22 +0000 (14:00 -0800)]
Ticket #1987: support since_id on API notice search methods.

max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)

14 years agoTicket #2441: fix deletion of avatars when a profile is deleted.
Brion Vibber [Fri, 19 Nov 2010 20:39:07 +0000 (12:39 -0800)]
Ticket #2441: fix deletion of avatars when a profile is deleted.

Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.

14 years agoTicket #2899: clean up inbox/outbox DM form a bit:
Brion Vibber [Fri, 19 Nov 2010 19:56:03 +0000 (11:56 -0800)]
Ticket #2899: clean up inbox/outbox DM form a bit:
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing liklihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'

In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.

14 years agoscripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname...
Brion Vibber [Thu, 18 Nov 2010 22:40:05 +0000 (14:40 -0800)]
scripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname. Like deleteuser.php, this can be used in batch runs by providing the -y override.

14 years agoFix regression in PopularNoticeSection: tag parameter was broken, causing sidebar...
Brion Vibber [Thu, 18 Nov 2010 22:30:00 +0000 (14:30 -0800)]
Fix regression in PopularNoticeSection: tag parameter was broken, causing sidebar on tag pages to show untagged favorites.

14 years agoTicket 2895: exclude silenced users from popular notice lists
Brion Vibber [Tue, 16 Nov 2010 19:13:52 +0000 (11:13 -0800)]
Ticket 2895: exclude silenced users from popular notice lists

14 years agoPrep for ticket #2895: consolidate common code from PopularNoticeList and FavoritedAc...
Brion Vibber [Tue, 16 Nov 2010 19:10:32 +0000 (11:10 -0800)]
Prep for ticket #2895: consolidate common code from PopularNoticeList and FavoritedAction for fetching popular notice lists

14 years agoForgot to commit the JS for ModPlus. :)
Brion Vibber [Tue, 16 Nov 2010 01:45:58 +0000 (17:45 -0800)]
Forgot to commit the JS for ModPlus. :)

14 years agovisual cleanup on ModPlus remote profile info popup menu
Brion Vibber [Tue, 16 Nov 2010 01:32:33 +0000 (17:32 -0800)]
visual cleanup on ModPlus remote profile info popup menu

14 years agoTweak remote profile action: hide stats from sidebar, tweak wording on remote notice
Brion Vibber [Tue, 16 Nov 2010 00:38:18 +0000 (16:38 -0800)]
Tweak remote profile action: hide stats from sidebar, tweak wording on remote notice

14 years agoRemoteProfileAction cleanup:
Brion Vibber [Tue, 16 Nov 2010 00:12:16 +0000 (16:12 -0800)]
RemoteProfileAction cleanup:
- meta robots to prevent spidering
- a little notice if silenced

14 years agovisual tweaks for RemoteProfileAction
Brion Vibber [Mon, 15 Nov 2010 23:57:57 +0000 (15:57 -0800)]
visual tweaks for RemoteProfileAction

14 years agoRemoteProfileAction: redirect to the regular user profile page if given a local user.
Brion Vibber [Mon, 15 Nov 2010 23:40:07 +0000 (15:40 -0800)]
RemoteProfileAction: redirect to the regular user profile page if given a local user.

14 years agoWorkaround for display of Twitter remote users in remoteprofile (ModPlus plugin)...
Brion Vibber [Mon, 15 Nov 2010 23:39:42 +0000 (15:39 -0800)]
Workaround for display of Twitter remote users in remoteprofile (ModPlus plugin): use 73px avatar if no 96px present

14 years agoStub RemoteprofileAction to show the standard profile header stuff for offsite users...
Brion Vibber [Mon, 15 Nov 2010 23:34:12 +0000 (15:34 -0800)]
Stub RemoteprofileAction to show the standard profile header stuff for offsite users -- provides a way to get at the mod & block controls for remote users.

14 years agosome User -> Profile cleanup to help in adapting the profile page action to show...
Brion Vibber [Mon, 15 Nov 2010 23:32:57 +0000 (15:32 -0800)]
some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em.

14 years agoStub ModPlus plugin: will hold experimental UI improvements for mod actions
Brion Vibber [Mon, 15 Nov 2010 22:15:41 +0000 (14:15 -0800)]
Stub ModPlus plugin: will hold experimental UI improvements for mod actions

14 years agoclear_jabber.php script to clear confirmed jabber/xmpp addresses from one or more...
Brion Vibber [Mon, 15 Nov 2010 21:26:42 +0000 (13:26 -0800)]
clear_jabber.php script to clear confirmed jabber/xmpp addresses from one or more accounts

14 years agofix syntax error introduced in i18n tweaks: newgroup action
Brion Vibber [Tue, 2 Nov 2010 21:03:50 +0000 (14:03 -0700)]
fix syntax error introduced in i18n tweaks: newgroup action

14 years agoRevert "Missing one close-paren in newgroup.php" - incorrect fix for paren bug
Brion Vibber [Fri, 12 Nov 2010 21:34:04 +0000 (13:34 -0800)]
Revert "Missing one close-paren in newgroup.php" - incorrect fix for paren bug

This reverts commit 3afb031d9270a29db7f1ac4a964bb4b796759827.

14 years agoFix for failure edge case in TwitterBridge outgoing repeat/retweets.
Brion Vibber [Fri, 12 Nov 2010 21:06:41 +0000 (13:06 -0800)]
Fix for failure edge case in TwitterBridge outgoing repeat/retweets.

When the retweet failed with a 403 error (say due to it being a private tweet, which can't be retweeted) we would end up mishandling the return value from our internal error handling.
Instead of correctly discarding the message and closing out the queue item, we ended up trying to save a bogus twitter<->local ID mapping, which threw another exception and lead the queue system to re-run it.

- Fixed the logic check and return values for the retweet case in broadcast_twitter().
- Added doc comments explaining the return values on some functions in twitter.php
- Added check on Notice_to_status::saveNew() for empty input -- throw an exception before we try to actually insert into db. :)

14 years agodon't try to initialize the mapstraction canvas if it doesn't exist
Evan Prodromou [Fri, 12 Nov 2010 16:46:45 +0000 (11:46 -0500)]
don't try to initialize the mapstraction canvas if it doesn't exist

14 years agoFix missing close of comment block
Zach Copley [Thu, 11 Nov 2010 18:33:26 +0000 (10:33 -0800)]
Fix missing close of comment block

14 years agoAdd error logging for a couple send-fail cases in XMPP out
Brion Vibber [Wed, 10 Nov 2010 23:26:18 +0000 (15:26 -0800)]
Add error logging for a couple send-fail cases in XMPP out

14 years agoMissing one close-paren in newgroup.php
Evan Prodromou [Tue, 9 Nov 2010 22:08:11 +0000 (17:08 -0500)]
Missing one close-paren in newgroup.php

14 years agosession table was missing from upgrade scripts
Evan Prodromou [Tue, 9 Nov 2010 17:53:57 +0000 (12:53 -0500)]
session table was missing from upgrade scripts

14 years agoREADME bump for 0.9.6 final
Brion Vibber [Fri, 29 Oct 2010 21:17:18 +0000 (14:17 -0700)]
README bump for 0.9.6 final

14 years agoMerge branch 'master' into 0.9.x
Brion Vibber [Fri, 29 Oct 2010 18:22:35 +0000 (11:22 -0700)]
Merge branch 'master' into 0.9.x

14 years agoMerge remote branch 'gitorious/master'
Evan Prodromou [Fri, 29 Oct 2010 15:14:00 +0000 (11:14 -0400)]
Merge remote branch 'gitorious/master'

14 years agoadd a hack to show ads on single-notice pages
Evan Prodromou [Fri, 29 Oct 2010 15:13:33 +0000 (11:13 -0400)]
add a hack to show ads on single-notice pages

14 years agoMerge remote branch 'origin/0.9.x' into 0.9.x
Brion Vibber [Thu, 28 Oct 2010 23:25:28 +0000 (16:25 -0700)]
Merge remote branch 'origin/0.9.x' into 0.9.x

14 years agoLocalisation updates from http://translatewiki.net
Siebrand Mazeland [Thu, 28 Oct 2010 23:21:42 +0000 (01:21 +0200)]
Localisation updates from http://translatewiki.net

14 years agoMerge branch 'master' into 0.9.x
Brion Vibber [Thu, 28 Oct 2010 20:01:10 +0000 (13:01 -0700)]
Merge branch 'master' into 0.9.x

14 years agoKill a ping queue item if we get an error on loading up the notice's poster's profile...
Brion Vibber [Thu, 28 Oct 2010 19:58:30 +0000 (12:58 -0700)]
Kill a ping queue item if we get an error on loading up the notice's poster's profile, rather than letting the item be retried over and over as if it were a transitory error.
This shouldn't generally happen as it's an indicator of database inconsistency, but it's a condition we know happens.

14 years agoFix for regression: fatal error on group page display when not logged in.
Brion Vibber [Thu, 28 Oct 2010 19:19:19 +0000 (12:19 -0700)]
Fix for regression: fatal error on group page display when not logged in.
Bug was introduced with group deletion feature.

14 years agofall back to siteowner on bad nickname (Bug#2861)
Evan Prodromou [Thu, 28 Oct 2010 14:46:57 +0000 (10:46 -0400)]
fall back to siteowner on bad nickname (Bug#2861)

14 years agoMerge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
Brion Vibber [Thu, 28 Oct 2010 00:15:59 +0000 (00:15 +0000)]
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x

14 years agoTweak for OAuth headers not seen in $_SERVER
Brion Vibber [Thu, 28 Oct 2010 00:14:45 +0000 (00:14 +0000)]
Tweak for OAuth headers not seen in $_SERVER

14 years agoMerge branch '0.9.x' of git://gitorious.org/statusnet/mainline into 0.9.x
Siebrand Mazeland [Wed, 27 Oct 2010 23:59:45 +0000 (01:59 +0200)]
Merge branch '0.9.x' of git://gitorious.org/statusnet/mainline into 0.9.x

14 years agoLocalisation updates from http://translatewiki.net.
Siebrand Mazeland [Wed, 27 Oct 2010 23:58:43 +0000 (01:58 +0200)]
Localisation updates from http://translatewiki.net.

14 years agoMerge branch 'instrument' into 0.9.x
Brion Vibber [Wed, 27 Oct 2010 23:47:06 +0000 (16:47 -0700)]
Merge branch 'instrument' into 0.9.x

14 years agoApiLogger plugin: dumps some information about API hits to aid in researching future...
Brion Vibber [Wed, 27 Oct 2010 23:30:11 +0000 (16:30 -0700)]
ApiLogger plugin: dumps some information about API hits to aid in researching future HTTP-level cachability improvements.

Data are sent to the 'info' level of logging, like so:

  [lazarus.local:4812.86b23603 GET /mublog/api/statuses/friends_timeline.atom?since_id=1353]
       STATLOG action:apitimelinefriends method:GET ssl:no query:since_id cookie:no auth:yes
       ifmatch:no ifmod:no agent:Appcelerator Titanium/1.4.1 (iPhone/4.1; iPhone OS; en_US;)

Fields:
* action:  case-normalized name of the action class we're acting on
* method:  GET, POST, HEAD, etc
* ssl:     Are we on HTTPS? 'yes' or 'no'
* query:   Were we sent a query string? 'yes', 'no', or 'since_id' if the only parameter is a since_id
* cookie:  Were we sent any cookies? 'yes' or 'no'
* auth:    Were we sent an HTTP Authorization header? 'yes' or 'no'
* ifmatch: Were we sent an HTTP If-Match header for an ETag? 'yes' or 'no'
* ifmod:   Were we sent an HTTP If-Modified-Since header? 'yes' or 'no'
* agent:   User-agent string, to aid in figuring out what these things are

The most shared-cache-friendly requests will be non-SSL GET requests with no or very predictable
query parameters, no cookies, and no authorization headers. Private caching (eg within a supporting
user-agent) could still be friendly to SSL and auth'd GET requests.

We kind of expect that the most frequent hits from clients will be GETs for a few common timelines,
with auth headers, a since_id-only query, and no cookies. These should at least be amenable to
returning 304 matches for etags or last-modified headers with private caching, but it's very
possible that most clients won't actually think to save and send them. That would leave us expecting
to handle a lot of timeline since_id hits that return a valid API response with no notices.

At this point we don't expect to actually see if-match or if-modified-since a lot since most of our
API responses are marked as uncacheable; so even if we output them they're not getting sent back to
us.

Random subsampling can be enabled by setting the 'frequency' parameter smaller than 1.0:

  addPlugin('ApiLogger', array(
    'frequency' => 0.5 // Record 50% of API hits
  ));

14 years agoUpdate translator documentation.
Siebrand Mazeland [Wed, 27 Oct 2010 23:42:09 +0000 (01:42 +0200)]
Update translator documentation.

14 years agoi18n/L10n updates and superfluous whitespace removed.
Siebrand Mazeland [Wed, 27 Oct 2010 23:35:40 +0000 (01:35 +0200)]
i18n/L10n updates and superfluous whitespace removed.

14 years ago* Superfluous whitespace removed.
Siebrand Mazeland [Wed, 27 Oct 2010 23:23:57 +0000 (01:23 +0200)]
* Superfluous whitespace removed.
* i18n review (no changes needed).

14 years ago* i18n/L10n fixes.
Siebrand Mazeland [Wed, 27 Oct 2010 23:19:04 +0000 (01:19 +0200)]
* i18n/L10n fixes.
* translator documentation updated.
* superfluous whitespace removed.

14 years ago* i18n/L10n fixes.
Siebrand Mazeland [Mon, 25 Oct 2010 21:51:00 +0000 (23:51 +0200)]
* i18n/L10n fixes.
* translator documentation updated.
* superfluous whitespace removed.

14 years agoMerge branch 'nofollowexternallink' into 0.9.x
Evan Prodromou [Wed, 27 Oct 2010 17:53:39 +0000 (13:53 -0400)]
Merge branch 'nofollowexternallink' into 0.9.x

Conflicts:
lib/default.php

14 years agoSet cookies with "secure" flag on SSL sites. Improves security.
Craig Andrews [Tue, 26 Oct 2010 21:55:09 +0000 (17:55 -0400)]
Set cookies with "secure" flag on SSL sites. Improves security.

14 years agoFix OAuth verifier display page title and msgs for i18n
Zach Copley [Tue, 26 Oct 2010 20:19:23 +0000 (13:19 -0700)]
Fix OAuth verifier display page title and msgs for i18n

14 years agoUI on profile settings page to opt out of following everyone
Evan Prodromou [Tue, 26 Oct 2010 19:33:35 +0000 (15:33 -0400)]
UI on profile settings page to opt out of following everyone

14 years agoflag to let users opt out of following everyone
Evan Prodromou [Tue, 26 Oct 2010 19:21:30 +0000 (15:21 -0400)]
flag to let users opt out of following everyone

14 years agoPlugin to follow all new users by default
Evan Prodromou [Tue, 26 Oct 2010 19:10:18 +0000 (15:10 -0400)]
Plugin to follow all new users by default

14 years agocan't subscribe to blacklisted domains/users
Evan Prodromou [Tue, 26 Oct 2010 15:48:27 +0000 (11:48 -0400)]
can't subscribe to blacklisted domains/users

14 years agoBlacklist plugin checks PuSH and Salmon notices
Evan Prodromou [Tue, 26 Oct 2010 15:20:43 +0000 (11:20 -0400)]
Blacklist plugin checks PuSH and Salmon notices

14 years agouserrole.php will take a profile id for remote profiles
Evan Prodromou [Tue, 26 Oct 2010 15:19:47 +0000 (11:19 -0400)]
userrole.php will take a profile id for remote profiles

14 years agoreadme: release candidate 0.9.6
Brion Vibber [Mon, 25 Oct 2010 21:49:29 +0000 (14:49 -0700)]
readme: release candidate 0.9.6

14 years agoMerge commit 'refs/merge-requests/2223' of git://gitorious.org/statusnet/mainline...
Zach Copley [Mon, 25 Oct 2010 21:35:56 +0000 (14:35 -0700)]
Merge commit 'refs/merge-requests/2223' of git://gitorious.org/statusnet/mainline into integration

14 years agoUpdated mustard description and link
Michele macno Azzolari [Mon, 25 Oct 2010 21:08:29 +0000 (23:08 +0200)]
Updated mustard description and link

14 years agoSupress header, footer, sidebar on OAuth verifier pin page when in "desktop" mode
Zach Copley [Mon, 25 Oct 2010 20:30:38 +0000 (13:30 -0700)]
Supress header, footer, sidebar on OAuth verifier pin page when in "desktop" mode

14 years agoBase theme styling for oauth pin and desktop mode.
Samantha Doherty [Mon, 25 Oct 2010 20:00:34 +0000 (16:00 -0400)]
Base theme styling for oauth pin and desktop mode.

14 years agoForgot to add the OAuth verifier pin page to sensitive array
Zach Copley [Mon, 25 Oct 2010 19:36:03 +0000 (12:36 -0700)]
Forgot to add the OAuth verifier pin page to sensitive array

14 years agoWe don't need to have editapplication (only showapplication) in the
Zach Copley [Mon, 25 Oct 2010 19:10:52 +0000 (12:10 -0700)]
We don't need to have editapplication (only showapplication) in the
sensitive array because it doesn't expose the consumer keypair

14 years agoAdd OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL if
Zach Copley [Mon, 25 Oct 2010 18:52:17 +0000 (11:52 -0700)]
Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL if
available

14 years agoAdd special CSS classes to OAuth authorization and pin pages when
Zach Copley [Mon, 25 Oct 2010 18:25:35 +0000 (11:25 -0700)]
Add special CSS classes to OAuth authorization and pin pages when
in desktop mode

14 years agoLess scary OAuth authorization messages when using anonymous consumer
Zach Copley [Mon, 25 Oct 2010 17:38:40 +0000 (10:38 -0700)]
Less scary OAuth authorization messages when using anonymous consumer

14 years agomax_id is inclusive
Evan Prodromou [Mon, 25 Oct 2010 15:18:49 +0000 (11:18 -0400)]
max_id is inclusive