1082 commits

Author	SHA1	Message	Date
zotlabs	e3dc242a3c	allow downloading via viewsrc to support client side e2ee	2017-04-17 20:48:57 -07:00
zotlabs	7a31c039fb	Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_merge	2017-04-17 16:04:17 -07:00
Mario Vavti	0f0fba0e9e	missing includes	2017-04-13 23:20:09 +02:00
zotlabs	c631da7b0d	whitespace	2017-04-12 19:25:46 -07:00
zotlabs	63dd6ad01a	don't allow any null fields in notify creation	2017-04-11 23:05:56 -07:00
zotlabs	940534e303	webfinger cleanup	2017-04-11 22:02:29 -07:00
zotlabs	a9bda2b12e	sql error photos_albums_list with non-logged-in viewer	2017-04-03 10:55:42 +02:00
zotlabs	5fb7ea8dbd	fix connectDefaultShare generated js function, though it isn't obvious if we still use it.	2017-04-03 10:53:07 +02:00
zotlabs	fbba78411d	app sorting issue	2017-04-03 10:50:43 +02:00
zotlabs	26125bcf0b	sql error photos_albums_list with non-logged-in viewer	2017-04-02 22:20:37 -07:00
zotlabs	9a5ce2354d	remove some obsolete permissions stuff	2017-04-02 20:51:40 -07:00
zotlabs	f25f5aeaaa	fix connectDefaultShare generated js function, though it isn't obvious if we still use it.	2017-04-02 20:35:45 -07:00
zotlabs	29596d12e3	app sorting issue	2017-04-02 17:34:16 -07:00
git-marijus	89e3f3210f	Merge pull request #710 from dawnbreak/importcsrf ... 🔒 Add CSRF protection for import and import_items.	2017-03-31 13:40:02 +02:00
zotlabs	a20fd4d463	get rid of some more deprecated uses of $a	2017-03-31 10:31:29 +02:00
zotlabs	bfd506f184	remove obsolete app argument from load_pdl	2017-03-31 10:30:41 +02:00
zotlabs	c20aa6062c	get rid of get_app()	2017-03-31 10:30:17 +02:00
zotlabs	57a8b3f857	provide compatibility with old-style update system	2017-03-31 10:26:44 +02:00
zotlabs	6e5a06421f	get rid of 'davguest' and allow for project specific DB updates (currently db updates are common between all possible projects/subprojects/forks).	2017-03-31 10:26:06 +02:00
zotlabs	5f0004b416	move db_upgrade to zlib	2017-03-31 10:25:27 +02:00
zotlabs	c4f5d17db6	Merge branch 'importcsrf' of https://github.com/dawnbreak/hubzilla into csrf	2017-03-30 21:05:31 -07:00
zotlabs	a9cceea850	Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_merge	2017-03-30 16:10:59 -07:00
Klaus Weidenbach	81736a0129	🔒 Add CSRF protection for import and import_items.	2017-03-30 23:17:32 +02:00
Klaus	dea4879938	Merge pull request #709 from dawnbreak/docu ... Add some documentation for import functions.	2017-03-30 23:10:53 +02:00
Klaus Weidenbach	2e2f984c45	Add some documentation for import functions.	2017-03-30 23:06:00 +02:00
Mario Vavti	bb639b08f7	do not allow creating two wikis with the same name	2017-03-30 15:07:48 +02:00
zotlabs	181d9a0777	circular logic - we need the mailbox to find the last message so move the code block back where it was, and only set a direct mid if one was specified.	2017-03-30 11:54:21 +02:00
zotlabs	5219c4a09a	when clicking a notification to view a private mail message, actually view that message instead of the most recent.	2017-03-30 11:54:07 +02:00
zotlabs	b51ca4c8d3	circular logic - we need the mailbox to find the last message so move the code block back where it was, and only set a direct mid if one was specified.	2017-03-29 17:42:31 -07:00
zotlabs	198d2ab607	when clicking a notification to view a private mail message, actually view that message instead of the most recent.	2017-03-29 16:41:27 -07:00
zotlabs	2d4f84563b	Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_merge	2017-03-29 16:11:50 -07:00
zotlabs	a8a6d807ff	allow setting the system email name/address/reply	2017-03-29 14:14:40 +02:00
zotlabs	fe5f109af5	more cloud updates - upgrade the DAV structures as well.	2017-03-29 14:14:05 +02:00
zotlabs	f1da003020	some more photo issues	2017-03-29 14:13:10 +02:00
zotlabs	ea5a7180c7	fix photo prvnxt after all the changes yesterday	2017-03-29 14:12:24 +02:00
zotlabs	9d0e2cbd89	more work on the photo album mess	2017-03-29 14:11:56 +02:00
zotlabs	032b6f193d	photos_album_exists() requires an observer to work correctly; provide it.	2017-03-29 14:11:22 +02:00
zotlabs	e49c59959b	use the same host macro for sender address as for reply_to address	2017-03-29 14:09:58 +02:00
zotlabs	b03cd330e5	begin the process of using the relevant attach directory/path for photo albums instead of an album basename which may not be unique. Created an 'ellipsify()' function to shorten long names and keep the beginning and end intact	2017-03-29 14:09:19 +02:00
zotlabs	542fa4a08c	more markdown purification	2017-03-29 14:05:12 +02:00
zotlabs	515f1e76b0	perform attach_upgrade()	2017-03-29 14:04:44 +02:00
zotlabs	d95f7efea7	after all of this, I would be very hesitant to use any multi-user system which uses markdown and which doesn't have a large security budget.	2017-03-29 14:04:04 +02:00
zotlabs	e97dd48b4c	even more fine tuning of the markdown purifier - especially when used with the wiki	2017-03-29 14:03:24 +02:00
zotlabs	d5525a38f1	various input filter fixes	2017-03-29 13:56:31 +02:00
zotlabs	d7aaca6947	more work related to attach/photo and os_path, display_path and general code cleanup	2017-03-29 13:44:55 +02:00
zotlabs	fa629841bd	input filter updates	2017-03-29 13:39:36 +02:00
zotlabs	6ea32a8ba3	class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor	2017-03-29 13:37:36 +02:00
zotlabs	0f7832dc30	code_allowed is a real mess. Start the cleanup by remving the account level code allow and limiting to specific channels only. This reduces the possibility of cross channel security issues coming into play. Then provide a single function for checking the code permission. This is only partially done as we often need to check against the observer or logged in channel as well as the resource owner to ensure that this only returns true for local channels which also own the requested resource.	2017-03-29 13:32:23 +02:00
Mario Vavti	107083e3e4	fix widgets for bs4 again	2017-03-29 12:43:27 +02:00
Mario Vavti	d7a9d22a15	namespace error	2017-03-29 12:09:45 +02:00