summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-10-26Set cookies with "secure" flag on SSL sites. Improves security.testingCraig Andrews
2010-10-26Fix OAuth verifier display page title and msgs for i18nZach Copley
2010-10-26UI on profile settings page to opt out of following everyoneEvan Prodromou
2010-10-26flag to let users opt out of following everyoneEvan Prodromou
2010-10-26Plugin to follow all new users by defaultEvan Prodromou
2010-10-26can't subscribe to blacklisted domains/usersEvan Prodromou
2010-10-26Blacklist plugin checks PuSH and Salmon noticesEvan Prodromou
2010-10-26userrole.php will take a profile id for remote profilesEvan Prodromou
2010-10-25readme: release candidate 0.9.60.9.6rc1Brion Vibber
2010-10-25Merge commit 'refs/merge-requests/2223' of ↵Zach Copley
git://gitorious.org/statusnet/mainline into integration
2010-10-25Updated mustard description and linkMichele macno Azzolari
2010-10-25Supress header, footer, sidebar on OAuth verifier pin page when in "desktop" ↵Zach Copley
mode
2010-10-25Base theme styling for oauth pin and desktop mode.Samantha Doherty
2010-10-25Forgot to add the OAuth verifier pin page to sensitive arrayZach Copley
2010-10-25We don't need to have editapplication (only showapplication) in theZach Copley
sensitive array because it doesn't expose the consumer keypair
2010-10-25Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL ifZach Copley
available
2010-10-25Add special CSS classes to OAuth authorization and pin pages whenZach Copley
in desktop mode
2010-10-25Less scary OAuth authorization messages when using anonymous consumerZach Copley
2010-10-25max_id is inclusiveEvan Prodromou
2010-10-25change max_id from < to <=Evan Prodromou
2010-10-23Localisation updates from http://translatewiki.net.Siebrand Mazeland
2010-10-23* onPluginVersion added.Siebrand Mazeland
* i18n fix: use _m() in plugins, don't use _() * some translator documentation added. * superfluous whitespace removed.
2010-10-23* translator documentation added.Siebrand Mazeland
* superfluous whitespace removed.
2010-10-22Additional fixes found while looking at ticket #2532: when given a screen ↵Brion Vibber
name as API parameter for a profile, do the nickname lookup on local users only. The profile table can't guarantee unique lookups, so using names isn't currently safe there. This won't affect anything using local nicknames correctly, and may avoid some weird bugs if there were conflicts between local and remote nicknames.
2010-10-22Fix for ticket #2532: fixed API block create/destroy when specifying the ↵Brion Vibber
target user/profile as a separate query parameter, such as api/blocks/create.xml?param=xxx The router settings weren't quite right so we ended up with bogus regex values passed in as the 'id' parameter, which broke the regular fallback ordering of parameter checks.
2010-10-22Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.xBrion Vibber
2010-10-22Fix for 140-char replies being unexpectedly cropped when bridged to Twitter.Brion Vibber
This drops the '@' -> ' @' hack for CURL meta-chars in outgoing Twitter bridge, added in commit 04b95c25 back in the day. The Twitter bridge has since been switched from using direct CURL calls to using HTTPClient, which even with the CURL backend enabled doesn't trigger this issue, as POST parameters are formatted directly. Prepending the space before we did the message cropping was leading to 140-char messages getting cropped unnecessarily, which was confusing: Examples of broken messages: http://identi.ca/notice/57172587 vs http://twitter.com/marjoleink/status/28398050691 http://identi.ca/notice/57172878 vs http://twitter.com/marjoleink/status/28398492563
2010-10-22Normalize HTML body ids to lowercase when the user is logged out as well.Zach Copley
2010-10-22Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.xZach Copley
2010-10-22Updated styling for OAuth authorization page's desktop mode.Zach Copley
TODO: move these styles into the main CSS file.
2010-10-22RegisterThrottlePlugin tweak for silencing checks: make sure we don't crash ↵Brion Vibber
during registration if another profile registered from this address has been since deleted. Followup to commit 1caa08429f591b170da210d72f3501843f2bc657
2010-10-22Collective guilt for registrants from the same IP addressEvan Prodromou
If someone tries to register from an IP address that a silenced user has registered from, prevent it. When silencing someone, silence everyone else who registered from the same IP address.
2010-10-22New events when granting and revoking rolesEvan Prodromou
Four new events for when roles are granted or revoked.
2010-10-22Merge branch 'bettercachelog' into 0.9.xEvan Prodromou
2010-10-22Merge remote branch 'gitorious/0.9.x' into 0.9.xEvan Prodromou
2010-10-22more detailed information in cachelogpluginEvan Prodromou
2010-10-21Workaround for http_build_query() oddities in low-level router parent code ↵Brion Vibber
when PHP config is set with non-default separator.
2010-10-22Pass OAuth authorize page's mode paramater to OpenID plugin so it can create ↵Zach Copley
a correct returnto URL
2010-10-21Fix regression (whoops!)Zach Copley
2010-10-21Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.xZach Copley
2010-10-21Re-camelcase ApiOauthAuthorizeAction so it will be accessible whenZach Copley
a site is in pivate mode
2010-10-22Fix syntax errorsZach Copley
2010-10-21OAuth - inform consumer when user refused to authorize a request tokenZach Copley
http://status.net/open-source/issues/2848
2010-10-21Don't show 'anonymous' app in OAuth application list.Zach Copley
2010-10-21Fix bad reference.Zach Copley
2010-10-21OAuth - proper callback handling and better styling for authorizationZach Copley
page when in desktop mode
2010-10-21Normalize all action HTML body ids to lowercaseZach Copley
2010-10-21Change OAuth authorization page's action name to be inline withZach Copley
other web page action names so the body id outputs correctly. Fix some other bugs.
2010-10-21New "desktop" mode for the OAuth authorization page. If mode=deskstopZach Copley
is specified in the request the page is probably meant to be displayed in a small webview of another application, so suppress header, aside and footer.
2010-10-21Memcache::set() 3rd param should be flags (4th is expire). This throws a "2 ↵James Walker
lowest bytes reserved" error in Memcache > 3.0.3