zotlabs
032b6f193d
photos_album_exists() requires an observer to work correctly; provide it.
2017-03-29 14:11:22 +02:00
zotlabs
e49c59959b
use the same host macro for sender address as for reply_to address
2017-03-29 14:09:58 +02:00
zotlabs
b03cd330e5
begin the process of using the relevant attach directory/path for photo albums instead of an album basename which may not be unique. Created an 'ellipsify()' function to shorten long names and keep the beginning and end intact
2017-03-29 14:09:19 +02:00
zotlabs
542fa4a08c
more markdown purification
2017-03-29 14:05:12 +02:00
zotlabs
515f1e76b0
perform attach_upgrade()
2017-03-29 14:04:44 +02:00
zotlabs
d95f7efea7
after all of this, I would be very hesitant to use any multi-user system which uses markdown and which doesn't have a large security budget.
2017-03-29 14:04:04 +02:00
zotlabs
e97dd48b4c
even more fine tuning of the markdown purifier - especially when used with the wiki
2017-03-29 14:03:24 +02:00
zotlabs
d5525a38f1
various input filter fixes
2017-03-29 13:56:31 +02:00
zotlabs
d7aaca6947
more work related to attach/photo and os_path, display_path and general code cleanup
2017-03-29 13:44:55 +02:00
zotlabs
fa629841bd
input filter updates
2017-03-29 13:39:36 +02:00
zotlabs
6ea32a8ba3
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor
2017-03-29 13:37:36 +02:00
zotlabs
0f7832dc30
code_allowed is a real mess. Start the cleanup by remving the account level code allow and limiting to specific channels only. This reduces the possibility of cross channel security issues coming into play. Then provide a single function for checking the code permission. This is only partially done as we often need to check against the observer or logged in channel as well as the resource owner to ensure that this only returns true for local channels which also own the requested resource.
2017-03-29 13:32:23 +02:00
Mario Vavti
107083e3e4
fix widgets for bs4 again
2017-03-29 12:43:27 +02:00
Mario Vavti
d7a9d22a15
namespace error
2017-03-29 12:09:45 +02:00
zotlabs
ecfbb10326
widget file update
2017-03-29 12:07:13 +02:00
zotlabs
6c92a240cc
remove include/widgets.php
2017-03-29 12:04:44 +02:00
zotlabs
0bad26e116
the rest of the standard widgets converted
2017-03-29 12:02:09 +02:00
Mario Vavti
cd57483ed9
namespace error
2017-03-29 11:59:20 +02:00
zotlabs
0908da9529
widgets cont.
2017-03-29 11:57:00 +02:00
zotlabs
6e101e4582
widgets cont.
2017-03-29 11:50:52 +02:00
zotlabs
f60309efa1
more widget migrations
2017-03-29 11:50:03 +02:00
zotlabs
47f4007951
more widgets
2017-03-29 11:49:32 +02:00
zotlabs
74f58818d6
filename issue
2017-03-29 11:49:03 +02:00
zotlabs
17977effe7
more widgets
2017-03-29 11:48:35 +02:00
zotlabs
477ed97c2f
convert more widgets to classes
2017-03-29 11:47:58 +02:00
zotlabs
242ef70a77
use absolute namespace
2017-03-29 11:47:07 +02:00
zotlabs
755b751614
Comanche: allow widgets to be class based and stored appropriately in Zotlabs
2017-03-29 11:45:54 +02:00
Klaus Weidenbach
49e77e0f71
Import Module documentation and @-sign replacement.
...
If you copy the identity from your profile page the @-sign is invalid
for the import and fails. Replace it for convenience.
2017-03-25 20:30:26 +01:00
Mario Vavti
ca14ab3d55
move profile tabs to app-tray
2017-03-20 17:24:48 +01:00
Mario Vavti
0938db8f7b
Merge branch 'dev' into bs4
2017-03-19 13:33:45 +01:00
Mario Vavti
d2c971eda9
fix php warning and remove logging
2017-03-19 13:33:02 +01:00
zotlabs
8764cdf16a
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
2017-03-18 16:56:37 -07:00
Mario Vavti
82b35e2762
fix abook_edit and private mail
2017-03-18 20:00:32 +01:00
Mario Vavti
56f32104d5
Merge branch 'dev' into bs4
2017-03-18 17:29:38 +01:00
Klaus
cbd401c3e8
Missed one old Markdown()
2017-03-18 14:15:02 +01:00
Mario Vavti
d10525a375
fix item_list and item_search templates. make item filer use a bootdtrap modal and some css and class fixes
2017-03-17 14:22:10 +01:00
zotlabs
2dce86d38e
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
2017-03-15 15:55:33 -07:00
Mario Vavti
0c74c79b18
Merge branch 'dev' into bs4
2017-03-15 12:42:18 +01:00
Mario Vavti
62c921815f
better handling of mimetype security
2017-03-15 12:39:34 +01:00
Mario Vavti
700c05a55b
many class fixes and revive shiny class for item titles in a new way
2017-03-13 16:34:23 +01:00
Mario Vavti
8aabc6bc3d
many dropdown and class fixes. still a long way to go...
2017-03-12 21:11:28 +01:00
zotlabs
403f4c1a6b
Monday is a proper name and should be capitalised (except in private conversation amongst unix geeks).
2017-03-08 19:23:11 -08:00
zotlabs
a18e8e1ede
add public_policy to the nwiki container also. This should not affect the recent bug as presented, but is being added for consistency.
2017-03-06 17:59:34 -08:00
zotlabs
595cb13d8f
correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis)
2017-03-06 15:33:10 -08:00
Mario Vavti
9e44b07275
allow unauthenticated access to public wiki pages
2017-03-06 22:32:05 +01:00
Mario Vavti
eaefb36212
we need item edited for wiki page history, not item created
2017-03-04 16:56:52 +01:00
zotlabs
7445f1881e
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
2017-03-02 17:36:14 -08:00
zotlabs
e58dc726c5
activity widget - like the forum widget but represents unseen activity by author. Still experimental until it can be tested with diaspora xchans, which may require additional urlencoding.
2017-03-02 17:32:43 -08:00
Mario Vavti
dd8a3d845e
reset schema value after we empty and repopulate it. second half of fix for #624
2017-03-02 11:36:35 +01:00
zotlabs
d7e24b2494
make system.expire_delivery_reports default setting consistent (10 days)
2017-03-01 20:05:52 -08:00
zotlabs
df57e7ab93
expire unread system notifications after a year. It would provide a better experience for infrequent visitors if we didn't expire them at all, but at some point we need to draw a line so as not to degrade system performance searching through old notifications that it's highly unlikely will ever be viewed again.
2017-02-28 14:56:26 -08:00
zotlabs
fa02f3a108
Merge pull request #686 from dawnbreak/markdown
...
Upgrade PHP Markdown library.
2017-03-01 09:54:01 +11:00
zotlabs
fa944fc526
provide 'session' option to z_fetch_url to assist with remote fetches requiring magic auth
2017-02-27 23:48:54 -08:00
zotlabs
df6e75e1d6
make magic-auth work with profile vcard fetch
2017-02-27 23:37:42 -08:00
zotlabs
85082ea509
fetch profile vcard for connection
2017-02-27 21:14:09 -08:00
zotlabs
1325a81e9a
add file size notes to /cloud actions panel
2017-02-27 15:13:49 -08:00
zotlabs
18b22f5f8a
prep work
2017-02-27 14:54:41 -08:00
Klaus Weidenbach
503c368f9e
⬆️ 🔨 Upgrade PHP Markdown library.
...
The current version throws deprecated warning with PHP7.1 and PHPUnit.
Upgrade the Markdown library to the current PHP Markdown Lib 1.7.0.
Used composer to manage this library.
2017-02-27 23:40:29 +01:00
Mario Vavti
a6d13f290b
fix js issue in markdown mimetype wikis if content contains quotes
2017-02-27 13:52:08 +01:00
Mario Vavti
7f423016f0
whitespace
2017-02-27 11:11:53 +01:00
Mario Vavti
f93431b43e
do not mess up schemas
2017-02-27 10:44:50 +01:00
Mario Vavti
0f208fb36b
set minversion and maxversion for themes in view/theme/themename/php/theme.php instead of separate file.
2017-02-27 10:13:08 +01:00
Mario Vavti
4f07abe655
add a minversion to the theme and fallback to default if requirement is not met. mark incompatible themes in the theme selector
2017-02-26 21:01:20 +01:00
zotlabs
8783ccfd72
move admin permission decision out of the router - it is already provided in the module and the higher level check is causing some oembed redirect issues.
2017-02-25 16:22:09 -08:00
zotlabs
92615247ac
send sync packet on profile photo permissions change
2017-02-25 15:04:17 -08:00
zotlabs
232862ae08
escape tags on viewsrc output in case it is not text/bbcode.
2017-02-25 13:54:39 -08:00
zotlabs
70f8840fbd
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
2017-02-24 13:55:57 -08:00
zotlabs
8d0d2015d7
We've passed the deadline for allowing unsigned zot finger tokens. It is now a protocol requirement.
2017-02-24 13:53:49 -08:00
Mario Vavti
cf11a89457
use chanlink_url() in directory since the xchan might not yet be available on our server
2017-02-24 10:08:09 +01:00
zotlabs
732dfa63c7
deleting profile vcard entries was pretty well borked
2017-02-23 20:27:12 -08:00
zotlabs
b1ff5367e7
more work on profile vcards - still a lot of work to go
2017-02-23 19:07:01 -08:00
zotlabs
96fdb88690
nativewiki: only apply markdown filter to markdown input
2017-02-23 15:15:19 -08:00
Mario Vavti
5012baba15
one more place to use chanlink_hash() instead of chanlink_url()
2017-02-23 11:41:03 +01:00
Mario Vavti
41c67fa345
more places to use chanlink_hash() instead of chanlink_url() for profile_link
2017-02-23 10:36:00 +01:00
Mario Vavti
c75852455b
use chanlink_hash() instead of chanlink_url() for $profile_link
2017-02-23 09:53:24 +01:00
Mario Vavti
55924f5c5b
apps improvements
2017-02-22 11:22:43 +01:00
zotlabs
6644dc4861
use head_add_link() for feed discovery
2017-02-21 18:58:51 -08:00
zotlabs
bbacfbdd6a
display page not updating after comment
2017-02-21 15:24:39 -08:00
Mario Vavti
cbc0e5b934
do not lock out channels with only read perms from all post actions. we check read/write permissions for each command later in the process
2017-02-21 14:52:42 +01:00
zotlabs
e54ba7ecbc
fix find_folder_hash_by_path() which was not safe against multiple attach structures with the same filename but in different directories
2017-02-20 23:03:48 -08:00
zotlabs
1c1d1f1185
update fr translation
2017-02-20 18:46:51 -08:00
zotlabs
21e3481810
wiki page permissions issue
2017-02-20 14:07:22 -08:00
zotlabs
573846707c
fix several places where head_add_(css|js) functions have been used incorrectly. It appears that mistakes were made going back a long time and propagated. Here's the way it should work:
...
- if there is no preceding / character, we look for the file within all the appropriate theme directories.
- otherwise the file should have a preceding /, which means use this path relative to the hubzilla basedir
- files beginning with // are considered to be schemeless URLs.
Therefore 'foo.css' means find the best theme-able representation of foo.css.
'/library/foo.css' means only use the version of foo.css that is in /library.
2017-02-19 16:50:41 -08:00
zotlabs
8897c5763a
typo
2017-02-15 10:55:53 -08:00
zotlabs
07d92796d2
provide HTTP header parser which honours continuation lines and despite the fact that continuation lines have been deprecated - as they still exist in the wild.
2017-02-14 20:57:14 -08:00
zotlabs
1f39c16d99
util/pconfig - don't enumerate empty arrays, mod_acl - add more comments
2017-02-13 17:51:39 -08:00
zotlabs
321241da02
add default permcat to channel settings form
2017-02-12 18:40:26 -08:00
zotlabs
2a52592292
testing and bug fixes virtual profile groups
2017-02-12 17:40:18 -08:00
zotlabs
ccdfbc721f
Create virtual privacy groups for private profile member lists
2017-02-12 15:56:33 -08:00
zotlabs
1fb37f93cc
more permissions optimisations
2017-02-09 19:52:13 -08:00
zotlabs
fce33402e7
use profile_store_lowlevel() when creating additional profiles
2017-02-09 17:40:56 -08:00
zotlabs
16f27d0004
more work on permcats and consolidating calls that try to discover connect permissions, also create lowlevel store functions for abook and profile - since these currently may have issues with sql strict mode.
2017-02-09 17:29:24 -08:00
zotlabs
8dc349caac
minor theming and whitespace
2017-02-08 19:47:34 -08:00
zotlabs
91819bfc2d
bringer - all basic functionality is implemented
2017-02-08 17:21:32 -08:00
zotlabs
6ee691e019
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
2017-02-08 11:29:45 -08:00
zotlabs
28f0833237
fix immediate issue with multiple login forms until I can figure out an elegant way to "popup" the modal login form already on the page. We still may need this fix for the actual login module which should always be callable and present a login form even if the nav is completely borked.
2017-02-08 11:24:21 -08:00
Mario Vavti
eb415fd869
better detection of when to show the feature button and document nav mode for app_render()
2017-02-08 11:17:09 +01:00
Mario Vavti
ace0a1cb75
do not show feature button if the app is shared. css fixes
2017-02-08 10:56:03 +01:00
zotlabs
30659aef50
initial permcat creation ability, in /settings/permcats; functional permcat creation for testing but still needs a lot of UX work before promoting the ability
2017-02-07 20:29:03 -08:00
zotlabs
46d0e23e7b
atokens - we only need one permission column
2017-02-07 19:49:15 -08:00