zotlabs
6078d02c3a
more work related to attach/photo and os_path, display_path and general code cleanup
2017-03-15 01:20:21 -07:00
zotlabs
2c73b457ef
input filter updates
2017-03-14 17:07:29 -07:00
zotlabs
1244b0e36a
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor
2017-03-14 00:23:44 -07:00
zotlabs
58aa0f3e1a
code_allowed is a real mess. Start the cleanup by remving the account level code allow and limiting to specific channels only. This reduces the possibility of cross channel security issues coming into play. Then provide a single function for checking the code permission. This is only partially done as we often need to check against the observer or logged in channel as well as the resource owner to ensure that this only returns true for local channels which also own the requested resource.
2017-03-13 16:19:47 -07:00
zotlabs
fc533107ed
better handling of mimetype security
2017-03-12 21:55:24 -07:00
zotlabs
c39c925d8d
grrr. stop making branding assumptions.
2017-03-12 17:32:45 -07:00
zotlabs
4c526c7d3d
Merge branch 'dev' into red
2017-03-11 18:02:59 -08:00
zotlabs
1a49f0d164
one role.
2017-03-09 18:54:10 -08:00
zotlabs
403f4c1a6b
Monday is a proper name and should be capitalised (except in private conversation amongst unix geeks).
2017-03-08 19:23:11 -08:00
zotlabs
a18e8e1ede
add public_policy to the nwiki container also. This should not affect the recent bug as presented, but is being added for consistency.
2017-03-06 17:59:34 -08:00
zotlabs
595cb13d8f
correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis)
2017-03-06 15:33:10 -08:00
Mario Vavti
9e44b07275
allow unauthenticated access to public wiki pages
2017-03-06 22:32:05 +01:00
Mario Vavti
eaefb36212
we need item edited for wiki page history, not item created
2017-03-04 16:56:52 +01:00
zotlabs
7445f1881e
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
2017-03-02 17:36:14 -08:00
zotlabs
e58dc726c5
activity widget - like the forum widget but represents unseen activity by author. Still experimental until it can be tested with diaspora xchans, which may require additional urlencoding.
2017-03-02 17:32:43 -08:00
Mario Vavti
dd8a3d845e
reset schema value after we empty and repopulate it. second half of fix for #624
2017-03-02 11:36:35 +01:00
zotlabs
d7e24b2494
make system.expire_delivery_reports default setting consistent (10 days)
2017-03-01 20:05:52 -08:00
zotlabs
df57e7ab93
expire unread system notifications after a year. It would provide a better experience for infrequent visitors if we didn't expire them at all, but at some point we need to draw a line so as not to degrade system performance searching through old notifications that it's highly unlikely will ever be viewed again.
2017-02-28 14:56:26 -08:00
zotlabs
fa02f3a108
Merge pull request #686 from dawnbreak/markdown
...
Upgrade PHP Markdown library.
2017-03-01 09:54:01 +11:00
zotlabs
fa944fc526
provide 'session' option to z_fetch_url to assist with remote fetches requiring magic auth
2017-02-27 23:48:54 -08:00
zotlabs
df6e75e1d6
make magic-auth work with profile vcard fetch
2017-02-27 23:37:42 -08:00
zotlabs
85082ea509
fetch profile vcard for connection
2017-02-27 21:14:09 -08:00
zotlabs
1325a81e9a
add file size notes to /cloud actions panel
2017-02-27 15:13:49 -08:00
zotlabs
18b22f5f8a
prep work
2017-02-27 14:54:41 -08:00
Klaus Weidenbach
503c368f9e
⬆️ 🔨 Upgrade PHP Markdown library.
...
The current version throws deprecated warning with PHP7.1 and PHPUnit.
Upgrade the Markdown library to the current PHP Markdown Lib 1.7.0.
Used composer to manage this library.
2017-02-27 23:40:29 +01:00
Mario Vavti
a6d13f290b
fix js issue in markdown mimetype wikis if content contains quotes
2017-02-27 13:52:08 +01:00
Mario Vavti
7f423016f0
whitespace
2017-02-27 11:11:53 +01:00
Mario Vavti
f93431b43e
do not mess up schemas
2017-02-27 10:44:50 +01:00
Mario Vavti
0f208fb36b
set minversion and maxversion for themes in view/theme/themename/php/theme.php instead of separate file.
2017-02-27 10:13:08 +01:00
Mario Vavti
4f07abe655
add a minversion to the theme and fallback to default if requirement is not met. mark incompatible themes in the theme selector
2017-02-26 21:01:20 +01:00
zotlabs
8783ccfd72
move admin permission decision out of the router - it is already provided in the module and the higher level check is causing some oembed redirect issues.
2017-02-25 16:22:09 -08:00
zotlabs
92615247ac
send sync packet on profile photo permissions change
2017-02-25 15:04:17 -08:00
zotlabs
232862ae08
escape tags on viewsrc output in case it is not text/bbcode.
2017-02-25 13:54:39 -08:00
zotlabs
70f8840fbd
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
2017-02-24 13:55:57 -08:00
zotlabs
8d0d2015d7
We've passed the deadline for allowing unsigned zot finger tokens. It is now a protocol requirement.
2017-02-24 13:53:49 -08:00
Mario Vavti
cf11a89457
use chanlink_url() in directory since the xchan might not yet be available on our server
2017-02-24 10:08:09 +01:00
zotlabs
732dfa63c7
deleting profile vcard entries was pretty well borked
2017-02-23 20:27:12 -08:00
zotlabs
b1ff5367e7
more work on profile vcards - still a lot of work to go
2017-02-23 19:07:01 -08:00
zotlabs
96fdb88690
nativewiki: only apply markdown filter to markdown input
2017-02-23 15:15:19 -08:00
Mario Vavti
5012baba15
one more place to use chanlink_hash() instead of chanlink_url()
2017-02-23 11:41:03 +01:00
Mario Vavti
41c67fa345
more places to use chanlink_hash() instead of chanlink_url() for profile_link
2017-02-23 10:36:00 +01:00
Mario Vavti
c75852455b
use chanlink_hash() instead of chanlink_url() for $profile_link
2017-02-23 09:53:24 +01:00
Mario Vavti
55924f5c5b
apps improvements
2017-02-22 11:22:43 +01:00
zotlabs
6644dc4861
use head_add_link() for feed discovery
2017-02-21 18:58:51 -08:00
zotlabs
bbacfbdd6a
display page not updating after comment
2017-02-21 15:24:39 -08:00
Mario Vavti
cbc0e5b934
do not lock out channels with only read perms from all post actions. we check read/write permissions for each command later in the process
2017-02-21 14:52:42 +01:00
zotlabs
e54ba7ecbc
fix find_folder_hash_by_path() which was not safe against multiple attach structures with the same filename but in different directories
2017-02-20 23:03:48 -08:00
zotlabs
1c1d1f1185
update fr translation
2017-02-20 18:46:51 -08:00
zotlabs
21e3481810
wiki page permissions issue
2017-02-20 14:07:22 -08:00
zotlabs
573846707c
fix several places where head_add_(css|js) functions have been used incorrectly. It appears that mistakes were made going back a long time and propagated. Here's the way it should work:
...
- if there is no preceding / character, we look for the file within all the appropriate theme directories.
- otherwise the file should have a preceding /, which means use this path relative to the hubzilla basedir
- files beginning with // are considered to be schemeless URLs.
Therefore 'foo.css' means find the best theme-able representation of foo.css.
'/library/foo.css' means only use the version of foo.css that is in /library.
2017-02-19 16:50:41 -08:00