statusnet:mainline.git
4 years agoMerge branch '1.1.x' master
Evan Prodromou [Tue, 16 Jul 2013 19:06:51 +0000 (15:06 -0400)]
Merge branch '1.1.x'

4 years agoFix broken Italian translation in facebook bridge 1.1.x v1.1.1
Evan Prodromou [Tue, 16 Jul 2013 18:28:29 +0000 (11:28 -0700)]
Fix broken Italian translation in facebook bridge

4 years agoUpgrade version number
Evan Prodromou [Tue, 16 Jul 2013 18:23:47 +0000 (11:23 -0700)]
Upgrade version number

Conflicts:
lib/framework.php

4 years agoUpgrade version number
Evan Prodromou [Tue, 16 Jul 2013 18:23:47 +0000 (11:23 -0700)]
Upgrade version number

4 years agoMerge 1.1.x into master
Evan Prodromou [Tue, 16 Jul 2013 17:57:06 +0000 (10:57 -0700)]
Merge 1.1.x into master

4 years agoEscape argument to prevent SQL injection attack in
Joshua Wise [Tue, 16 Jul 2013 17:47:29 +0000 (10:47 -0700)]
Escape argument to prevent SQL injection attack in
User::getTaggedSubscriptions()

This change escapes the $tag argument to prevent a SQL injection
attack in User::getTaggedSubscriptions(). The parameter was not
escaped higher up the stack, so this vulnerability could be exploited.

4 years agoEscape argument to User::getTaggedSubscribers() to preven SQL injection
Joshua Wise [Tue, 16 Jul 2013 17:43:56 +0000 (10:43 -0700)]
Escape argument to User::getTaggedSubscribers() to preven SQL injection

This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.

4 years agoEscape query parameters in Profile_tag::getTagged()
Joshua Wise [Tue, 16 Jul 2013 17:35:44 +0000 (10:35 -0700)]
Escape query parameters in Profile_tag::getTagged()

This patch escapes query parameters in Profile_tag::getTagged(). This
is an extra security step; since these parameters come out of the
database, it's unlikely that they would have dangerous data in them.

4 years agoEscape SQL parameter in Profile_tag::moveTag()
Joshua Wise [Tue, 16 Jul 2013 17:27:30 +0000 (10:27 -0700)]
Escape SQL parameter in Profile_tag::moveTag()

This change adds additional escapes for arguments to
Profile_tag::moveTag(). The arguments are canonicalized in the API and
Web UI paths higher up the stack, but this change makes sure that no
other paths can introduce SQL injection errors.

4 years agoEscape $tag passed to Profile::getTaggedSubscribers()
Joshua Wise [Tue, 16 Jul 2013 17:14:38 +0000 (10:14 -0700)]
Escape $tag passed to Profile::getTaggedSubscribers()

This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.

4 years agoPotential SQL injection in Local_group::setNickname()
Joshua Wise [Tue, 16 Jul 2013 17:09:16 +0000 (10:09 -0700)]
Potential SQL injection in Local_group::setNickname()

This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.

Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.

4 years agoPotential SQL injection in Local_group::setNickname()
Joshua Wise [Tue, 16 Jul 2013 17:09:16 +0000 (10:09 -0700)]
Potential SQL injection in Local_group::setNickname()

This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.

Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.

4 years agoBetter verb comparison
Evan Prodromou [Sun, 30 Jun 2013 16:08:11 +0000 (12:08 -0400)]
Better verb comparison

4 years agoSlightly more robust group-membership conversion
Evan Prodromou [Sun, 30 Jun 2013 16:07:55 +0000 (12:07 -0400)]
Slightly more robust group-membership conversion

4 years agoSquashed commit of the following:
Evan Prodromou [Sat, 29 Jun 2013 11:49:43 +0000 (07:49 -0400)]
Squashed commit of the following:

commit bd23a7da105d635414643dfcedd9c8f710d565b8
Author: Evan Prodromou <evan@e14n.com>
Date:   Sat Jun 29 07:49:03 2013 -0400

    Make the after flag work correctly

commit 5c5845a2f866f0bbffedd8e2e5d1f512f87d5329
Author: Evan Prodromou <evan@e14n.com>
Date:   Sat Jun 29 06:14:43 2013 -0400

    Add an 'after' flag for backup script

4 years agoSquashed commit of the following:
Evan Prodromou [Sat, 29 Jun 2013 11:49:43 +0000 (07:49 -0400)]
Squashed commit of the following:

commit bd23a7da105d635414643dfcedd9c8f710d565b8
Author: Evan Prodromou <evan@e14n.com>
Date:   Sat Jun 29 07:49:03 2013 -0400

    Make the after flag work correctly

commit 5c5845a2f866f0bbffedd8e2e5d1f512f87d5329
Author: Evan Prodromou <evan@e14n.com>
Date:   Sat Jun 29 06:14:43 2013 -0400

    Add an 'after' flag for backup script

4 years agoMerge branch '1.1.x' of gitorious.org:statusnet/mainline into 1.1.x
Evan Prodromou [Wed, 26 Jun 2013 02:27:23 +0000 (22:27 -0400)]
Merge branch '1.1.x' of gitorious.org:statusnet/mainline into 1.1.x

4 years agoBetter output for shares
Evan Prodromou [Wed, 26 Jun 2013 02:26:27 +0000 (22:26 -0400)]
Better output for shares

4 years agoBetter output for shares
Evan Prodromou [Wed, 26 Jun 2013 02:26:27 +0000 (22:26 -0400)]
Better output for shares

4 years agoAdd messages, directed notices to sim
Evan Prodromou [Tue, 18 Jun 2013 03:16:49 +0000 (20:16 -0700)]
Add messages, directed notices to sim

4 years agoSet the site profile on install
Evan Prodromou [Tue, 18 Jun 2013 03:16:31 +0000 (20:16 -0700)]
Set the site profile on install

4 years agoMake favorites in createsim
Evan Prodromou [Sun, 16 Jun 2013 02:18:19 +0000 (02:18 +0000)]
Make favorites in createsim

4 years agoTurn off Activity by default
Evan Prodromou [Sun, 16 Jun 2013 02:16:40 +0000 (02:16 +0000)]
Turn off Activity by default

4 years agoMerge commit 'merge-requests/192' into statusnet_1.1.x
Jean Baptiste Favre [Sat, 15 Jun 2013 18:11:24 +0000 (20:11 +0200)]
Merge commit 'merge-requests/192' into statusnet_1.1.x

4 years agoFix introduced bug, trying to shorten an empty status.
Jean Baptiste Favre [Tue, 11 Sep 2012 13:57:13 +0000 (15:57 +0200)]
Fix introduced bug, trying to shorten an empty status.

4 years agoCode cleaning. Do call shortenLinks only once, right before saving new notice.
Jean Baptiste Favre [Sat, 8 Sep 2012 21:56:19 +0000 (17:56 -0400)]
Code cleaning. Do call shortenLinks only once, right before saving new notice.

4 years agoCode cleaning, remove 'TEST' tags.
Jean Baptiste Favre [Thu, 6 Sep 2012 15:16:30 +0000 (11:16 -0400)]
Code cleaning, remove 'TEST' tags.

4 years agoNotice update with media attachment may fail through API when status text + attachmen...
Jean Baptiste Favre [Thu, 6 Sep 2012 15:11:33 +0000 (11:11 -0400)]
Notice update with media attachment may fail through API when status text + attachment length get higher than max notice length. Calling URL shortener can make global length less than maxlength, though allowing notice update.

4 years agoFix introduced bug, trying to shorten an empty status. 218
Jean Baptiste Favre [Tue, 11 Sep 2012 13:57:13 +0000 (15:57 +0200)]
Fix introduced bug, trying to shorten an empty status.

4 years agoCode cleaning. Do call shortenLinks only once, right before saving new notice.
Jean Baptiste Favre [Sat, 8 Sep 2012 21:56:19 +0000 (17:56 -0400)]
Code cleaning. Do call shortenLinks only once, right before saving new notice.

4 years agoCode cleaning, remove 'TEST' tags.
Jean Baptiste Favre [Thu, 6 Sep 2012 15:16:30 +0000 (11:16 -0400)]
Code cleaning, remove 'TEST' tags.

4 years agoNotice update with media attachment may fail through API when status text + attachmen...
Jean Baptiste Favre [Thu, 6 Sep 2012 15:11:33 +0000 (11:11 -0400)]
Notice update with media attachment may fail through API when status text + attachment length get higher than max notice length. Calling URL shortener can make global length less than maxlength, though allowing notice update.

4 years agoAdd configuration check. Need 'server', 'port', 'user' and 'password' to be defined...
Jean Baptiste Favre [Sun, 26 Aug 2012 21:20:03 +0000 (23:20 +0200)]
Add configuration check. Need 'server', 'port', 'user' and 'password' to be defined (not valid, just defined).

4 years agoRemove static definition of imdaemon.php as valid daemon.
Jean Baptiste Favre [Sun, 26 Aug 2012 20:53:09 +0000 (22:53 +0200)]
Remove static definition of imdaemon.php as valid daemon.

4 years agoAdd basic support for GetValidDaemon event. Shall be extended with configuration...
Jean Baptiste Favre [Sun, 26 Aug 2012 20:52:21 +0000 (22:52 +0200)]
Add basic support for GetValidDaemon event. Shall be extended with configuration check.

4 years agoRemove alone 'groups' link on the left side. Useless I guess.
Jean Baptiste Favre [Mon, 27 Aug 2012 22:25:53 +0000 (00:25 +0200)]
Remove alone 'groups' link on the left side. Useless I guess.

4 years agoAdd same CSS rules for #remoteprofile than for #showstream. Allows to hide avatars...
Jean Baptiste Favre [Mon, 27 Aug 2012 22:21:41 +0000 (00:21 +0200)]
Add same CSS rules for #remoteprofile than for #showstream. Allows to hide avatars, like for local profiles.

4 years agoDisplay notices for remote profile. Would like to hide avatar like in local profile...
Jean Baptiste Favre [Mon, 27 Aug 2012 19:02:53 +0000 (21:02 +0200)]
Display notices for remote profile. Would like to hide avatar like in local profile but did not found how to do it.

4 years agoFix error 'No matches for action subscriptions with arguments nickname...' when displ...
Jean Baptiste Favre [Mon, 27 Aug 2012 17:41:28 +0000 (19:41 +0200)]
Fix error 'No matches for action subscriptions with arguments nickname...' when displaying remote profile.

4 years agoYou need an API key when using embed.ly. Unfortunatly oembedhelper.php does not suppo...
Jean Baptiste Favre [Wed, 29 Aug 2012 19:36:55 +0000 (21:36 +0200)]
You need an API key when using embed.ly. Unfortunatly oembedhelper.php does not support it. This commit aims to fix it.

4 years agoBookmark plugin enhancement: display Bookmark's list. Integration of @chimo's work...
Jean Baptiste Favre [Fri, 14 Sep 2012 15:37:42 +0000 (17:37 +0200)]
Bookmark plugin enhancement: display Bookmark's list. Integration of @chimo's work (http://sn.chromic.org/) from https://github.com/chimo/BookmarkList into official plugin.

4 years agoBetter ID for notice activity
Evan Prodromou [Sat, 15 Jun 2013 16:07:34 +0000 (12:07 -0400)]
Better ID for notice activity

4 years agoBetter ID for notice activity
Evan Prodromou [Sat, 15 Jun 2013 16:07:34 +0000 (12:07 -0400)]
Better ID for notice activity

4 years agoMerge remote-tracking branch 'origin/master'
Evan Prodromou [Sat, 15 Jun 2013 15:13:57 +0000 (11:13 -0400)]
Merge remote-tracking branch 'origin/master'

4 years agoFix for #3649 issue.
Jean Baptiste Favre [Sat, 25 Aug 2012 11:41:09 +0000 (13:41 +0200)]
Fix for #3649 issue.

4 years agoFix for #3649 issue.
Jean Baptiste Favre [Sat, 25 Aug 2012 11:41:09 +0000 (13:41 +0200)]
Fix for #3649 issue.

4 years agoFix INSTALLDIR constant definition. 214
Jean Baptiste Favre [Wed, 29 Aug 2012 18:08:42 +0000 (20:08 +0200)]
Fix INSTALLDIR constant definition.

4 years agoFix for #3651: oAuth apps list does only show the latest registered application
Jean Baptiste Favre [Sun, 26 Aug 2012 18:32:53 +0000 (20:32 +0200)]
Fix for #3651: oAuth apps list does only show the latest registered application

4 years agoFix for #3651: oAuth apps list does only show the latest registered application 211
Jean Baptiste Favre [Sun, 26 Aug 2012 18:32:53 +0000 (20:32 +0200)]
Fix for #3651: oAuth apps list does only show the latest registered application

4 years agoFix for #3463. Make InfiniteScroll plugin use config['plugins']['server'] if defined...
Jean Baptiste Favre [Sun, 18 Dec 2011 15:19:32 +0000 (16:19 +0100)]
Fix for #3463. Make InfiniteScroll plugin use config['plugins']['server'] if defined to build ajax-loader.gif URL

4 years agoFix missing variable in InfiniteScrollPlugin class. Fix issue #3525
Jean Baptiste Favre [Tue, 13 Dec 2011 21:09:08 +0000 (22:09 +0100)]
Fix missing variable in InfiniteScrollPlugin class. Fix issue #3525

4 years agoMakes ClientSideShorten loading shorten.js from config['plugins']['server'] if setted... 181
Jean Baptiste Favre [Sun, 18 Dec 2011 14:09:53 +0000 (15:09 +0100)]
Makes ClientSideShorten loading shorten.js from config['plugins']['server'] if setted. Fix #3528

4 years agoGet rid of t.co links for notice's text version. Usefull for client using API. Comple...
Jean Baptiste Favre [Fri, 14 Jun 2013 21:27:24 +0000 (23:27 +0200)]
Get rid of t.co links for notice's text version. Usefull for client using API. Complements merge-request #205 by @mmn

4 years agoReplace t.co links with expanded one provided by Twitter. Can still be a shortened...
Jean Baptiste Favre [Thu, 13 Sep 2012 20:40:13 +0000 (22:40 +0200)]
Replace t.co links with expanded one provided by Twitter. Can still be a shortened one & will be done only for HTML view, but still a start. Backport of merge_requests/205.

4 years agoGet rid of t.co links for notice's text version. Usefull for client using API. Comple... 226
Jean Baptiste Favre [Fri, 14 Jun 2013 21:27:24 +0000 (23:27 +0200)]
Get rid of t.co links for notice's text version. Usefull for client using API. Complements merge-request #205 by @mmn

4 years agoCast lat/lon to float; check for non-empty
Evan Prodromou [Sun, 9 Jun 2013 01:16:58 +0000 (21:16 -0400)]
Cast lat/lon to float; check for non-empty

4 years agoPass null to Profile::profileInfo()
Evan Prodromou [Sun, 9 Jun 2013 01:12:29 +0000 (21:12 -0400)]
Pass null to Profile::profileInfo()

4 years agoBad variable in ActivityObject::fromMessage()
Evan Prodromou [Sun, 9 Jun 2013 01:05:09 +0000 (21:05 -0400)]
Bad variable in ActivityObject::fromMessage()

4 years agoBad variable in Message::asActivity()
Evan Prodromou [Sun, 9 Jun 2013 01:04:51 +0000 (21:04 -0400)]
Bad variable in Message::asActivity()

4 years agoBad variable in ActivityObject::fromMessage()
Evan Prodromou [Sun, 9 Jun 2013 01:05:09 +0000 (21:05 -0400)]
Bad variable in ActivityObject::fromMessage()

4 years agoBad variable in Message::asActivity()
Evan Prodromou [Sun, 9 Jun 2013 01:04:51 +0000 (21:04 -0400)]
Bad variable in Message::asActivity()

4 years agoUse the link property for the URL, not the ID
Evan Prodromou [Sat, 8 Jun 2013 23:18:28 +0000 (19:18 -0400)]
Use the link property for the URL, not the ID

4 years agoUse the link property for the URL, not the ID
Evan Prodromou [Sat, 8 Jun 2013 23:18:28 +0000 (19:18 -0400)]
Use the link property for the URL, not the ID

4 years agoAdd direct messages to backup
Evan Prodromou [Sat, 8 Jun 2013 21:53:47 +0000 (17:53 -0400)]
Add direct messages to backup

4 years agoStore direct messages as an activity
Evan Prodromou [Sat, 8 Jun 2013 21:45:49 +0000 (17:45 -0400)]
Store direct messages as an activity

4 years agoAdd direct messages to backup
Evan Prodromou [Sat, 8 Jun 2013 21:53:47 +0000 (17:53 -0400)]
Add direct messages to backup

4 years agoStore direct messages as an activity
Evan Prodromou [Sat, 8 Jun 2013 21:45:49 +0000 (17:45 -0400)]
Store direct messages as an activity

4 years agoMerge remote-tracking branch 'origin/master'
Evan Prodromou [Sat, 8 Jun 2013 18:58:36 +0000 (14:58 -0400)]
Merge remote-tracking branch 'origin/master'

4 years agoMerge remote-tracking branch 'origin/master'
Evan Prodromou [Sat, 8 Jun 2013 18:57:20 +0000 (14:57 -0400)]
Merge remote-tracking branch 'origin/master'

4 years agoThrow exception if subscription is invalid
Evan Prodromou [Sat, 8 Jun 2013 18:56:57 +0000 (14:56 -0400)]
Throw exception if subscription is invalid

4 years agoSome more well-known sources from plugins
Evan Prodromou [Fri, 7 Jun 2013 15:49:34 +0000 (11:49 -0400)]
Some more well-known sources from plugins

4 years agoSome more well-known sources from plugins
Evan Prodromou [Fri, 7 Jun 2013 15:49:34 +0000 (11:49 -0400)]
Some more well-known sources from plugins

4 years agoAdd generator to JSON output
Evan Prodromou [Fri, 7 Jun 2013 15:34:54 +0000 (11:34 -0400)]
Add generator to JSON output

4 years agoAdd generator to JSON output
Evan Prodromou [Fri, 7 Jun 2013 15:34:54 +0000 (11:34 -0400)]
Add generator to JSON output

4 years agoSome better context for notices as arrays
Evan Prodromou [Fri, 7 Jun 2013 07:11:23 +0000 (03:11 -0400)]
Some better context for notices as arrays

4 years agoSome better context for notices as arrays
Evan Prodromou [Fri, 7 Jun 2013 07:11:23 +0000 (03:11 -0400)]
Some better context for notices as arrays

4 years agoCoerce width, height of media link to integer
Evan Prodromou [Fri, 7 Jun 2013 04:30:04 +0000 (00:30 -0400)]
Coerce width, height of media link to integer

4 years agoCoerce width, height of media link to integer
Evan Prodromou [Fri, 7 Jun 2013 04:30:04 +0000 (00:30 -0400)]
Coerce width, height of media link to integer

4 years agoFix the switch on type
Evan Prodromou [Wed, 5 Jun 2013 20:58:31 +0000 (16:58 -0400)]
Fix the switch on type

4 years agoFix the switch on type
Evan Prodromou [Wed, 5 Jun 2013 20:58:31 +0000 (16:58 -0400)]
Fix the switch on type

4 years agoBetter type check, better URL
Evan Prodromou [Wed, 5 Jun 2013 20:51:35 +0000 (16:51 -0400)]
Better type check, better URL

4 years agoBetter type check, better URL
Evan Prodromou [Wed, 5 Jun 2013 20:51:35 +0000 (16:51 -0400)]
Better type check, better URL

4 years agoBetter URL creation for attachments
Evan Prodromou [Wed, 5 Jun 2013 20:12:54 +0000 (16:12 -0400)]
Better URL creation for attachments

4 years agoBetter handling of null values in ActivityObject::mimeTypeToObjectType
Evan Prodromou [Wed, 5 Jun 2013 20:11:51 +0000 (16:11 -0400)]
Better handling of null values in ActivityObject::mimeTypeToObjectType

4 years agoBetter URL creation for attachments
Evan Prodromou [Wed, 5 Jun 2013 20:12:54 +0000 (16:12 -0400)]
Better URL creation for attachments

4 years agoBetter handling of null values in ActivityObject::mimeTypeToObjectType
Evan Prodromou [Wed, 5 Jun 2013 20:11:51 +0000 (16:11 -0400)]
Better handling of null values in ActivityObject::mimeTypeToObjectType

4 years agoUse real attachments for JSON output
Evan Prodromou [Wed, 5 Jun 2013 13:39:13 +0000 (09:39 -0400)]
Use real attachments for JSON output

4 years agoUse real attachments for JSON output
Evan Prodromou [Wed, 5 Jun 2013 13:39:13 +0000 (09:39 -0400)]
Use real attachments for JSON output

4 years agoDon't set the title of a notice to its plain-text content.
Evan Prodromou [Wed, 5 Jun 2013 02:27:29 +0000 (22:27 -0400)]
Don't set the title of a notice to its plain-text content.

4 years agoDon't set the title of a notice to its plain-text content.
Evan Prodromou [Wed, 5 Jun 2013 02:27:29 +0000 (22:27 -0400)]
Don't set the title of a notice to its plain-text content.

4 years agoDon't add content as title for notes
Evan Prodromou [Tue, 4 Jun 2013 23:52:38 +0000 (19:52 -0400)]
Don't add content as title for notes

4 years agoDon't add content as title for notes
Evan Prodromou [Tue, 4 Jun 2013 23:52:38 +0000 (19:52 -0400)]
Don't add content as title for notes

4 years agoChange geopoint to location
Evan Prodromou [Tue, 4 Jun 2013 21:22:51 +0000 (17:22 -0400)]
Change geopoint to location

4 years agoChange geopoint to location
Evan Prodromou [Tue, 4 Jun 2013 21:22:51 +0000 (17:22 -0400)]
Change geopoint to location

4 years agoRemove duplicate of extensions
Evan Prodromou [Tue, 4 Jun 2013 21:15:43 +0000 (17:15 -0400)]
Remove duplicate of extensions

4 years agoRemove duplicate of extensions
Evan Prodromou [Tue, 4 Jun 2013 21:15:43 +0000 (17:15 -0400)]
Remove duplicate of extensions

4 years agoUse status_net, portablecontacts_net namespaces
Evan Prodromou [Tue, 4 Jun 2013 21:12:28 +0000 (17:12 -0400)]
Use status_net, portablecontacts_net namespaces

4 years agoUse status_net, portablecontacts_net namespaces
Evan Prodromou [Tue, 4 Jun 2013 21:12:28 +0000 (17:12 -0400)]
Use status_net, portablecontacts_net namespaces

4 years agoSlightly better ActivityStreams JSON output
Evan Prodromou [Tue, 4 Jun 2013 21:00:51 +0000 (17:00 -0400)]
Slightly better ActivityStreams JSON output

4 years agoSlightly better ActivityStreams JSON output
Evan Prodromou [Tue, 4 Jun 2013 21:00:51 +0000 (17:00 -0400)]
Slightly better ActivityStreams JSON output