Age | Commit message | Author
2010-11-29 | General code safety: validate input and escape SQL strings in common_relative_profile() | Brion Vibber
2010-11-29 | Use Nickname::DISPLAY_FMT instead of manual regex fragments in router setup for nickname parameters. | Brion Vibber
2010-11-29 | Replace a couple plugin usages of NICKNAME_FMT with Nickname::normalize() | Brion Vibber
2010-11-29 | Add Nickname test cases for @-reply regexes in common_find_mentions | Brion Vibber
2010-11-29 | Nickname class to encapsulate validation & common regexes for nickname formats. | Brion Vibber
This provides initial infrastructure for decoupling display names from internal canonical names, but continues to have us storing and using the canonical forms. It should be/become possible to provide mixed-case and underscore-containing names in links, @-mention, !-group, etc, but we don't store those alternate forms generally.
2010-11-29 | Work in progress on nickname validation changes. lib/nickname.php appears to have been destroyed by NetBeans and will be rewritten shortly. Sigh. | Brion Vibber
2010-11-29 | doc comments on User::allowed_nickname | Brion Vibber
2010-11-29 | Start on some nickname-validation test cases: several of these fail right now because we had regressions in 0.8 or 0.9 where we lost normalization of uppercase and some other chars. | Brion Vibber
2010-11-29 | Add some doc comments on nickname-related stuff in util.php | Brion Vibber
2010-11-27 | Net URL Mapper Path plex file | Evan Prodromou
2010-11-27 | Net_URL_Mapper 0.9.1 | Evan Prodromou
2010-11-26 | Merge remote branch 'gitorious/0.9.x' into 0.9.x | Evan Prodromou
2010-11-26 | Make OStatusPlugin define push feed rel | Evan Prodromou
2010-11-26 | Make userxrd work without OStatus enabled | Evan Prodromou
2010-11-26 | Make userxrd part of the default hostmeta | Evan Prodromou
2010-11-26 | Move user xrd action to core and use hooks to extend | Evan Prodromou
Moved the Webfinger user XRD action from the OStatus plugin to core. Added hooks to add OStatus-specific stuff, but kept general stuff in the core.
2010-11-26 | move xrd and hostmeta out of the OStatus plugin and into core | Craig Andrews
add event for setting up hostmeta, and use them in the OStatus plugin
2010-11-24 | Update util.min.js for attachment preview on Firefox, Chrome | Brion Vibber
2010-11-24 | Preview thumbnails of uploaded image attachments before posting on supporting browsers. | Brion Vibber
Tested working so far:
* Firefox 3.6 and 4.0 (FileReader -> data URL)
* Chrome 8 (createObjectURL; FileReader also works)
Tested with limited support:
* Safari 5.0.3 (no preview, but we can show type and size)
Tested and known not to support FileAPI, keeps current behavior:
* Opera 11 beta
2010-11-24 | Add LogFilter plugin: quickie way to filter out/in log output based on priority or keyword matches. | Brion Vibber
Should be helpful for folks who can't easily adjust their syslog filtering.
2010-11-23 | logging tweak for Twitter status ID issue | Brion Vibber
2010-11-23 | Fixes for Twitter bridge breakage on 32-bit servers. | Brion Vibber
New "Snowflake" 64-bit IDs have become too big to fit in the integer portion of double-precision floats, so to reliably use these IDs we need to pull the new string form now. Machines with 64-bit PHP installation should have had no problems (except on Windows, where integers are still 32 bits)
2010-11-22 | FacebookBridge - fail gracefully if the user has already deleted a linked notice on Facebook. | Zach Copley
2010-11-22 | Merge branch 'master' into 0.9.x | Brion Vibber
2010-11-22 | Fixes for delete_status_network.sh: | Brion Vibber
* add some sanity checking: abort on failures instead of plodding through
* add some progress / error output
* fetch the target database server name from the status_network entry and use that to target the DROP DATABASE
Note that database names and other overrides in status_network entry may still not be seen.
2010-11-19 | Merge branch 'master' into 0.9.x | Brion Vibber
2010-11-19 | Fix ticket #2700: some numeric IDs were misinterpreted as hex numbers instead of strings when '0x123' passed in. | Brion Vibber
Switched from is_numeric() to a custom self::is_decimal() which is more strict. This makes our behavior match Twitter's API a bit better, so eg this:
http://identi.ca/api/statuses/home_timeline/0x6d686b.xml
should now be equivalent to:
http://identi.ca/api/statuses/home_timeline.xml?screen_name=0x6d686b
instead of:
http://identi.ca/api/statuses/home_timeline.xml?user_id=7170155
2010-11-19 | Merge branch 'master' into 0.9.x | Brion Vibber
2010-11-19 | Ticket #2724: gracefully handle attempts to delete or fave/unfave a remote Twitter notice if a failure occurs. | Brion Vibber
Most annoying error case being where the notice was already faved or deleted on Twitter! :) Such errors will now just fail out and log a note to the syslog -- the rest of what we were doing will continue on unhindered, so you can still delete, favorite, etc and it just won't sync the info over in that case.
2010-11-19 | Merge branch 'master' into 0.9.x | Brion Vibber
2010-11-19 | Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper. | Brion Vibber
This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.
2010-11-19 | Ticket #2797: replace addslashes() with explicit escape calls on the DB objects | Brion Vibber
2010-11-19 | Merge branch 'master' into 0.9.x | Brion Vibber
2010-11-19 | Ticket #1987: support since_id on API notice search methods. | Brion Vibber
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
2010-11-19 | Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x | Brion Vibber
2010-11-19 | Ticket #2441: fix deletion of avatars when a profile is deleted. | Brion Vibber
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
2010-11-19 | Drop PEAR HTTP_Request library -- no longer used since Services_oEmbed was dropped. | Brion Vibber
(HTTP_Request2 is separate and is widely used. Net_URL is also used separately by Net_URL_Mapper.)
2010-11-19 | Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x | Brion Vibber
2010-11-19 | Ticket #2899: clean up inbox/outbox DM form a bit: | Brion Vibber
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing likelihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'
In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
2010-11-19 | Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x | Brion Vibber
2010-11-18 | Automatically make Facebook admin panel available if the FacebookBridge plugin is installed. | Zach Copley
2010-11-18 | scripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname. | Brion Vibber
Like deleteuser.php, this can be used in batch runs by providing the -y override.
2010-11-18 | Fix regression in PopularNoticeSection: tag parameter was broken, causing sidebar on tag pages to show untagged favorites. | Brion Vibber
2010-11-18 | Facebook: Add needed perms to plain login URL | Zach Copley
2010-11-18 | Fix name of Facebook Bridge plugin | Zach Copley
2010-11-17 | Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x | Brion Vibber
2010-11-17 | Partial fix for tickets #2194, #2393: Workaround for Meteor breaking AJAX error responses returned on posting new notices. | Brion Vibber
Fixes things in Firefox 4, but Safari 5 and Chrome 8 still don't return data... either on success or failure! Sigh.
The Meteor realtime plugin sets document.domain to the common prefix between the main server and the Meteor server's hostnames, which overrides the same-origin controls on JavaScript DOM access so the two parts of the app can speak to each other.
This unfortunately causes "fun" side effects for XMLHTTPRequest access to the main domain... if the new domain doesn't match the actual host (eg 'status.net' instead of 'brion.status.net') then we can't access the XHR's responseXML attribute, which holds a DOM tree of the parsed XML return data.
As a workaround, if we can't get at the contents there, we'll parse a fresh DOM tree in the local context from the responseText property, which remains available.
In the longer term, recommend retooling the realtime stuff so it's not fiddling with document.domain. It could also be an issue as it could allow local JavaScript XSS attacks to migrate to subdomains in other open windows.
2010-11-17 | Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x | Zach Copley
2010-11-17 | Remove dumb debugging statement | Zach Copley
2010-11-17 | Facebook: Gracefully handle disconnection | Zach Copley