Streams/streams
Streams/streams
1
0
Fork 0
mirror of https://codeberg.org/streams/streams.git synced 2024-09-20 23:55:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
19088 commits 7 branches 30 tags 160 MiB
Commit graph

1052 commits

Author SHA1 Message Date
zotlabs
032b6f193d photos_album_exists() requires an observer to work correctly; provide it. 2017-03-29 14:11:22 +02:00
zotlabs
e49c59959b use the same host macro for sender address as for reply_to address 2017-03-29 14:09:58 +02:00
zotlabs
b03cd330e5 begin the process of using the relevant attach directory/path for photo albums instead of an album basename which may not be unique. Created an 'ellipsify()' function to shorten long names and keep the beginning and end intact 2017-03-29 14:09:19 +02:00
zotlabs
542fa4a08c more markdown purification 2017-03-29 14:05:12 +02:00
zotlabs
515f1e76b0 perform attach_upgrade() 2017-03-29 14:04:44 +02:00
zotlabs
d95f7efea7 after all of this, I would be very hesitant to use any multi-user system which uses markdown and which doesn't have a large security budget. 2017-03-29 14:04:04 +02:00
zotlabs
e97dd48b4c even more fine tuning of the markdown purifier - especially when used with the wiki 2017-03-29 14:03:24 +02:00
zotlabs
d5525a38f1 various input filter fixes 2017-03-29 13:56:31 +02:00
zotlabs
d7aaca6947 more work related to attach/photo and os_path, display_path and general code cleanup 2017-03-29 13:44:55 +02:00
zotlabs
fa629841bd input filter updates 2017-03-29 13:39:36 +02:00
zotlabs
6ea32a8ba3 class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-29 13:37:36 +02:00
zotlabs
0f7832dc30 code_allowed is a real mess. Start the cleanup by remving the account level code allow and limiting to specific channels only. This reduces the possibility of cross channel security issues coming into play. Then provide a single function for checking the code permission. This is only partially done as we often need to check against the observer or logged in channel as well as the resource owner to ensure that this only returns true for local channels which also own the requested resource. 2017-03-29 13:32:23 +02:00
Mario Vavti
107083e3e4 fix widgets for bs4 again 2017-03-29 12:43:27 +02:00
Mario Vavti
d7a9d22a15 namespace error 2017-03-29 12:09:45 +02:00
zotlabs
ecfbb10326 widget file update 2017-03-29 12:07:13 +02:00
zotlabs
6c92a240cc remove include/widgets.php 2017-03-29 12:04:44 +02:00
zotlabs
0bad26e116 the rest of the standard widgets converted 2017-03-29 12:02:09 +02:00
Mario Vavti
cd57483ed9 namespace error 2017-03-29 11:59:20 +02:00
zotlabs
0908da9529 widgets cont. 2017-03-29 11:57:00 +02:00
zotlabs
6e101e4582 widgets cont. 2017-03-29 11:50:52 +02:00
zotlabs
f60309efa1 more widget migrations 2017-03-29 11:50:03 +02:00
zotlabs
47f4007951 more widgets 2017-03-29 11:49:32 +02:00
zotlabs
74f58818d6 filename issue 2017-03-29 11:49:03 +02:00
zotlabs
17977effe7 more widgets 2017-03-29 11:48:35 +02:00
zotlabs
477ed97c2f convert more widgets to classes 2017-03-29 11:47:58 +02:00
zotlabs
242ef70a77 use absolute namespace 2017-03-29 11:47:07 +02:00
zotlabs
755b751614 Comanche: allow widgets to be class based and stored appropriately in Zotlabs 2017-03-29 11:45:54 +02:00
Klaus Weidenbach
49e77e0f71 Import Module documentation and @-sign replacement. 
If you copy the identity from your profile page the @-sign is invalid
for the import and fails. Replace it for convenience.
 2017-03-25 20:30:26 +01:00
Mario Vavti
ca14ab3d55 move profile tabs to app-tray 2017-03-20 17:24:48 +01:00
Mario Vavti
0938db8f7b Merge branch 'dev' into bs4 2017-03-19 13:33:45 +01:00
Mario Vavti
d2c971eda9 fix php warning and remove logging 2017-03-19 13:33:02 +01:00
zotlabs
8764cdf16a Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge 2017-03-18 16:56:37 -07:00
Mario Vavti
82b35e2762 fix abook_edit and private mail 2017-03-18 20:00:32 +01:00
Mario Vavti
56f32104d5 Merge branch 'dev' into bs4 2017-03-18 17:29:38 +01:00
Klaus
cbd401c3e8 Missed one old Markdown() 2017-03-18 14:15:02 +01:00
Mario Vavti
d10525a375 fix item_list and item_search templates. make item filer use a bootdtrap modal and some css and class fixes 2017-03-17 14:22:10 +01:00
zotlabs
2dce86d38e Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge 2017-03-15 15:55:33 -07:00
Mario Vavti
0c74c79b18 Merge branch 'dev' into bs4 2017-03-15 12:42:18 +01:00
Mario Vavti
62c921815f better handling of mimetype security 2017-03-15 12:39:34 +01:00
Mario Vavti
700c05a55b many class fixes and revive shiny class for item titles in a new way 2017-03-13 16:34:23 +01:00
Mario Vavti
8aabc6bc3d many dropdown and class fixes. still a long way to go... 2017-03-12 21:11:28 +01:00
zotlabs
403f4c1a6b Monday is a proper name and should be capitalised (except in private conversation amongst unix geeks). 2017-03-08 19:23:11 -08:00
zotlabs
a18e8e1ede add public_policy to the nwiki container also. This should not affect the recent bug as presented, but is being added for consistency. 2017-03-06 17:59:34 -08:00
zotlabs
595cb13d8f correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis) 2017-03-06 15:33:10 -08:00
Mario Vavti
9e44b07275 allow unauthenticated access to public wiki pages 2017-03-06 22:32:05 +01:00
Mario Vavti
eaefb36212 we need item edited for wiki page history, not item created 2017-03-04 16:56:52 +01:00
zotlabs
7445f1881e Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge 2017-03-02 17:36:14 -08:00
zotlabs
e58dc726c5 activity widget - like the forum widget but represents unseen activity by author. Still experimental until it can be tested with diaspora xchans, which may require additional urlencoding. 2017-03-02 17:32:43 -08:00
Mario Vavti
dd8a3d845e reset schema value after we empty and repopulate it. second half of fix for #624 2017-03-02 11:36:35 +01:00
zotlabs
d7e24b2494 make system.expire_delivery_reports default setting consistent (10 days) 2017-03-01 20:05:52 -08:00
zotlabs
df57e7ab93 expire unread system notifications after a year. It would provide a better experience for infrequent visitors if we didn't expire them at all, but at some point we need to draw a line so as not to degrade system performance searching through old notifications that it's highly unlikely will ever be viewed again. 2017-02-28 14:56:26 -08:00
zotlabs
fa02f3a108 Merge pull request #686 from dawnbreak/markdown 
Upgrade PHP Markdown library.
 2017-03-01 09:54:01 +11:00
zotlabs
fa944fc526 provide 'session' option to z_fetch_url to assist with remote fetches requiring magic auth 2017-02-27 23:48:54 -08:00
zotlabs
df6e75e1d6 make magic-auth work with profile vcard fetch 2017-02-27 23:37:42 -08:00
zotlabs
85082ea509 fetch profile vcard for connection 2017-02-27 21:14:09 -08:00
zotlabs
1325a81e9a add file size notes to /cloud actions panel 2017-02-27 15:13:49 -08:00
zotlabs
18b22f5f8a prep work 2017-02-27 14:54:41 -08:00
Klaus Weidenbach
503c368f9e ⬆️ 🔨 Upgrade PHP Markdown library. 
The current version throws deprecated warning with PHP7.1 and PHPUnit.
Upgrade the Markdown library to the current PHP Markdown Lib 1.7.0.
Used composer to manage this library.
 2017-02-27 23:40:29 +01:00
Mario Vavti
a6d13f290b fix js issue in markdown mimetype wikis if content contains quotes 2017-02-27 13:52:08 +01:00
Mario Vavti
7f423016f0 whitespace 2017-02-27 11:11:53 +01:00
Mario Vavti
f93431b43e do not mess up schemas 2017-02-27 10:44:50 +01:00
Mario Vavti
0f208fb36b set minversion and maxversion for themes in view/theme/themename/php/theme.php instead of separate file. 2017-02-27 10:13:08 +01:00
Mario Vavti
4f07abe655 add a minversion to the theme and fallback to default if requirement is not met. mark incompatible themes in the theme selector 2017-02-26 21:01:20 +01:00
zotlabs
8783ccfd72 move admin permission decision out of the router - it is already provided in the module and the higher level check is causing some oembed redirect issues. 2017-02-25 16:22:09 -08:00
zotlabs
92615247ac send sync packet on profile photo permissions change 2017-02-25 15:04:17 -08:00
zotlabs
232862ae08 escape tags on viewsrc output in case it is not text/bbcode. 2017-02-25 13:54:39 -08:00
zotlabs
70f8840fbd Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge 2017-02-24 13:55:57 -08:00
zotlabs
8d0d2015d7 We've passed the deadline for allowing unsigned zot finger tokens. It is now a protocol requirement. 2017-02-24 13:53:49 -08:00
Mario Vavti
cf11a89457 use chanlink_url() in directory since the xchan might not yet be available on our server 2017-02-24 10:08:09 +01:00
zotlabs
732dfa63c7 deleting profile vcard entries was pretty well borked 2017-02-23 20:27:12 -08:00
zotlabs
b1ff5367e7 more work on profile vcards - still a lot of work to go 2017-02-23 19:07:01 -08:00
zotlabs
96fdb88690 nativewiki: only apply markdown filter to markdown input 2017-02-23 15:15:19 -08:00
Mario Vavti
5012baba15 one more place to use chanlink_hash() instead of chanlink_url() 2017-02-23 11:41:03 +01:00
Mario Vavti
41c67fa345 more places to use chanlink_hash() instead of chanlink_url() for profile_link 2017-02-23 10:36:00 +01:00
Mario Vavti
c75852455b use chanlink_hash() instead of chanlink_url() for $profile_link 2017-02-23 09:53:24 +01:00
Mario Vavti
55924f5c5b apps improvements 2017-02-22 11:22:43 +01:00
zotlabs
6644dc4861 use head_add_link() for feed discovery 2017-02-21 18:58:51 -08:00
zotlabs
bbacfbdd6a display page not updating after comment 2017-02-21 15:24:39 -08:00
Mario Vavti
cbc0e5b934 do not lock out channels with only read perms from all post actions. we check read/write permissions for each command later in the process 2017-02-21 14:52:42 +01:00
zotlabs
e54ba7ecbc fix find_folder_hash_by_path() which was not safe against multiple attach structures with the same filename but in different directories 2017-02-20 23:03:48 -08:00
zotlabs
1c1d1f1185 update fr translation 2017-02-20 18:46:51 -08:00
zotlabs
21e3481810 wiki page permissions issue 2017-02-20 14:07:22 -08:00
zotlabs
573846707c fix several places where head_add_(css|js) functions have been used incorrectly. It appears that mistakes were made going back a long time and propagated. Here's the way it should work: 
- if there is no preceding / character, we look for the file within all the appropriate theme directories.
- otherwise the file should have a preceding /, which means use this path relative to the hubzilla basedir
- files beginning with // are considered to be schemeless URLs.

Therefore 'foo.css' means find the best theme-able representation of foo.css.
'/library/foo.css' means only use the version of foo.css that is in /library.
 2017-02-19 16:50:41 -08:00
zotlabs
8897c5763a typo 2017-02-15 10:55:53 -08:00
zotlabs
07d92796d2 provide HTTP header parser which honours continuation lines and despite the fact that continuation lines have been deprecated - as they still exist in the wild. 2017-02-14 20:57:14 -08:00
zotlabs
1f39c16d99 util/pconfig - don't enumerate empty arrays, mod_acl - add more comments 2017-02-13 17:51:39 -08:00
zotlabs
321241da02 add default permcat to channel settings form 2017-02-12 18:40:26 -08:00
zotlabs
2a52592292 testing and bug fixes virtual profile groups 2017-02-12 17:40:18 -08:00
zotlabs
ccdfbc721f Create virtual privacy groups for private profile member lists 2017-02-12 15:56:33 -08:00
zotlabs
1fb37f93cc more permissions optimisations 2017-02-09 19:52:13 -08:00
zotlabs
fce33402e7 use profile_store_lowlevel() when creating additional profiles 2017-02-09 17:40:56 -08:00
zotlabs
16f27d0004 more work on permcats and consolidating calls that try to discover connect permissions, also create lowlevel store functions for abook and profile - since these currently may have issues with sql strict mode. 2017-02-09 17:29:24 -08:00
zotlabs
8dc349caac minor theming and whitespace 2017-02-08 19:47:34 -08:00
zotlabs
91819bfc2d bringer - all basic functionality is implemented 2017-02-08 17:21:32 -08:00
zotlabs
6ee691e019 Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge 2017-02-08 11:29:45 -08:00
zotlabs
28f0833237 fix immediate issue with multiple login forms until I can figure out an elegant way to "popup" the modal login form already on the page. We still may need this fix for the actual login module which should always be callable and present a login form even if the nav is completely borked. 2017-02-08 11:24:21 -08:00
Mario Vavti
eb415fd869 better detection of when to show the feature button and document nav mode for app_render() 2017-02-08 11:17:09 +01:00
Mario Vavti
ace0a1cb75 do not show feature button if the app is shared. css fixes 2017-02-08 10:56:03 +01:00
zotlabs
30659aef50 initial permcat creation ability, in /settings/permcats; functional permcat creation for testing but still needs a lot of UX work before promoting the ability 2017-02-07 20:29:03 -08:00
zotlabs
46d0e23e7b atokens - we only need one permission column 2017-02-07 19:49:15 -08:00