summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2010-10-26Set cookies with "secure" flag on SSL sites. Improves security.testingCraig Andrews
2010-10-25Forgot to add the OAuth verifier pin page to sensitive arrayZach Copley
2010-10-25We don't need to have editapplication (only showapplication) in theZach Copley
sensitive array because it doesn't expose the consumer keypair
2010-10-25Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL ifZach Copley
available
2010-10-22Additional fixes found while looking at ticket #2532: when given a screen ↵Brion Vibber
name as API parameter for a profile, do the nickname lookup on local users only. The profile table can't guarantee unique lookups, so using names isn't currently safe there. This won't affect anything using local nicknames correctly, and may avoid some weird bugs if there were conflicts between local and remote nicknames.
2010-10-22Fix for ticket #2532: fixed API block create/destroy when specifying the ↵Brion Vibber
target user/profile as a separate query parameter, such as api/blocks/create.xml?param=xxx The router settings weren't quite right so we ended up with bogus regex values passed in as the 'id' parameter, which broke the regular fallback ordering of parameter checks.
2010-10-22Normalize HTML body ids to lowercase when the user is logged out as well.Zach Copley
2010-10-21Workaround for http_build_query() oddities in low-level router parent code ↵Brion Vibber
when PHP config is set with non-default separator.
2010-10-21Re-camelcase ApiOauthAuthorizeAction so it will be accessible whenZach Copley
a site is in pivate mode
2010-10-21Normalize all action HTML body ids to lowercaseZach Copley
2010-10-21Change OAuth authorization page's action name to be inline withZach Copley
other web page action names so the body id outputs correctly. Fix some other bugs.
2010-10-21Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.xZach Copley
2010-10-21Fix syntax errorZach Copley
2010-10-21i18n/L10n updates, translator docs updated, superfluous whitespace removed.Siebrand Mazeland
2010-10-20Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.xZach Copley
Conflicts: actions/apioauthauthorize.php lib/apioauthstore.php
2010-10-20Use a new table (oauth_token_association) to associate authorizedZach Copley
request tokins with OAuth client applications and profiles.
2010-10-21* translator documentation added.Siebrand Mazeland
* moved some translator comments that were not directly above the line with the message to the correct location. * i18n for UI text. * superfluous whitespace removed.
2010-10-20Fix for ticket #2845: singleuser nickname configuration was being overridden ↵Brion Vibber
by site owner in router setup. I've consolidated the checks for which user to use for single-user mode into User::singleUser(), which now uses the configured nickname by preference, falling back to the site owner if it's unset. This is now called consistently from the places that needed to use the primary user's nickname in routing setup. Setting $config['singleuser']['nickname'] should now work again as expected.
2010-10-20Add FIXMESiebrand Mazeland
2010-10-20* i18n/L10n fixes.Siebrand Mazeland
* translator documentation updated/added. * superfluous whitespace removed.
2010-10-20Merge branch '0.9.x' of git://gitorious.org/statusnet/mainline into 0.9.xSiebrand Mazeland
2010-10-20Fix nasty bug in parameter for e-mail notification for favourite.Siebrand Mazeland
2010-10-19Merge branch 'anon-consumer' into 0.9.xZach Copley
2010-10-19Add support for an anonymous OAuth consumer. Note: this requires aZach Copley
small DB tweak. Oauth_application_user needs to have the primary compound key: (profile_id, application_id, token). http://status.net/open-source/issues/2761 This should also make it possible to have multiple access tokens per application. http://status.net/open-source/issues/2788
2010-10-20More complete sentence and translator documentation added.Siebrand Mazeland
2010-10-20Many i18n/L10n updates and lots of descriptions for translators added.Siebrand Mazeland
2010-10-19Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.xZach Copley
2010-10-19OAuth - better log messagesZach Copley
2010-10-18Bump version/string: 0.9.6 "Man on the Moon"Brion Vibber
2010-10-18fix notice on non-https viewsBrion Vibber
2010-10-18default for nofollow external is sometimesEvan Prodromou
2010-10-18options to nofollow external links in noticesEvan Prodromou
2010-10-14Merge branch '2828' into 0.9.xBrion Vibber
2010-10-14Fix for ticket #2828: apostrophe in site name set in installer created a ↵Brion Vibber
broken config.php. Now running values through var_export() before putting them into the config.php, ensuring strings will be properly quoted.
2010-10-14document and default for site|ssllogoEvan Prodromou
2010-10-14fix copy-and-paste error in javascript url creationEvan Prodromou
2010-10-14make the logo be compatible with HTTPS pages, if possibleEvan Prodromou
2010-10-14Make HTTPS urls in File::url() if necessaryEvan Prodromou
2010-10-14correctly use sslserver if it is setEvan Prodromou
2010-10-14use HTTPS for scripts and stylesheets if the current page is HTTPSEvan Prodromou
2010-10-14show HTTPS urls for JavaScript if HTTPS used for pageEvan Prodromou
2010-10-14consolidate some theme path code between ssl and non-sslEvan Prodromou
2010-10-14use HTTPS for favicon.ico if page is HTTPSEvan Prodromou
2010-10-14try to show HTTPS-encrypted theme files for HTTPS-encrypted pagesEvan Prodromou
2010-10-14try and show an SSL image for the creative commons imageEvan Prodromou
2010-10-14add static method StatusNet::isHTTPS()Evan Prodromou
2010-10-13Merge remote branch 'gitorious/0.9.x' into 0.9.xEvan Prodromou
2010-10-13Clean up remote avatar temporary files if we fail before saving them into ↵Brion Vibber
avatars directory (OMB core, OStatus, WikiHowProfile, YammerImport)
2010-10-12Merge branch 'oauth-1.0a' into 0.9.xZach Copley
2010-10-12Spelling - OAuth not OathZach Copley