Commit a10edb31 authored by Evan Prodromou's avatar Evan Prodromou

Merge branch 'testing' into 1.0.x

Conflicts:
	plugins/Directory/locale/mk/LC_MESSAGES/Directory.po
	plugins/Directory/locale/tl/LC_MESSAGES/Directory.po
parents e499939c 8b9a5f55
......@@ -196,12 +196,6 @@ class ApiOauthAuthorizeAction extends Action
)
);
// XXX: Make sure we have a oauth_token_association table. The table
// is now in the main schema, but because it is being added with
// a point release, it's unlikely to be there. This code can be
// removed as of 1.0.
$this->ensureOauthTokenAssociationTable();
$tokenAssoc = new Oauth_token_association();
$tokenAssoc->profile_id = $user->id;
......@@ -295,30 +289,6 @@ class ApiOauthAuthorizeAction extends Action
}
}
// XXX Remove this function when we hit 1.0
function ensureOauthTokenAssociationTable()
{
$schema = Schema::get();
$reqTokenCols = array(
new ColumnDef('profile_id', 'integer', null, true, 'PRI'),
new ColumnDef('application_id', 'integer', null, true, 'PRI'),
new ColumnDef('token', 'varchar', 255, true, 'PRI'),
new ColumnDef('created', 'datetime', null, false),
new ColumnDef(
'modified',
'timestamp',
null,
false,
null,
'CURRENT_TIMESTAMP',
'on update CURRENT_TIMESTAMP'
)
);
$schema->ensureTable('oauth_token_association', $reqTokenCols);
}
/**
* Show body - override to add a special CSS class for the authorize
* page's "desktop mode" (minimal display)
......
......@@ -289,7 +289,13 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction
{
$notices = array();
$stream = new InboxNoticeStream($this->user);
$profile = null;
if (isset($this->auth_user)) {
$profile = $this->auth_user->getProfile();
}
$stream = new InboxNoticeStream($this->user, $profile);
$notice = $stream->getNotices(($this->page-1) * $this->count,
$this->count,
......
......@@ -39,4 +39,23 @@ class Oauth_token_association extends Memcached_DataObject
return empty($result) ? null : $oau;
}
public static function schemaDef()
{
return array(
'description' => 'Associate an application ID and profile ID with an OAuth token',
'fields' => array(
'profile_id' => array('type' => 'int', 'not null' => true, 'description' => 'associated user'),
'application_id' => array('type' => 'int', 'not null' => true, 'description' => 'the application'),
'token' => array('type' => 'varchar', 'length' => '255', 'not null' => true, 'description' => 'token used for this association'),
'created' => array('type' => 'datetime', 'not null' => true, 'description' => 'date this record was created'),
'modified' => array('type' => 'timestamp', 'not null' => true, 'description' => 'date this record was modified'),
),
'primary key' => array('profile_id', 'application_id', 'token'),
'foreign keys' => array(
'oauth_token_association_profile_fkey' => array('profile_id', array('profile' => 'id')),
'oauth_token_association_application_fkey' => array('application_id', array('application' => 'id')),
)
);
}
}
......@@ -1110,3 +1110,5 @@ $schema['schema_version'] = array(
$schema['group_join_queue'] = Group_join_queue::schemaDef();
$schema['subscription_queue'] = Subscription_queue::schemaDef();
$schema['oauth_token_association'] = Oauth_token_association::schemaDef();
......@@ -334,9 +334,12 @@ class Action extends HTMLOutputter // lawsuit
$this->inlineScript('var _peopletagAC = "' .
common_local_url('peopletagautocomplete') . '";');
$this->showScriptMessages();
// Frame-busting code to avoid clickjacking attacks.
// Anti-framing code to avoid clickjacking attacks in older browsers.
// This will show a blank page if the page is being framed, which is
// consistent with the behavior of the 'X-Frame-Options: SAMEORIGIN'
// header, which prevents framing in newer browser.
if (common_config('javascript', 'bustframes')) {
$this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
$this->inlineScript('if (window.top !== window.self) { document.write = ""; window.top.location = window.self.location; setTimeout(function () { document.body.innerHTML = ""; }, 1); window.self.onload = function () { document.body.innerHTML = ""; }; }');
}
Event::handle('EndShowStatusNetScripts', array($this));
Event::handle('EndShowLaconicaScripts', array($this));
......
......@@ -204,7 +204,12 @@ class ApiAuthAction extends ApiAction
}
}
$this->auth_user = $user;
Event::handle('EndSetApiUser', array($user));
// FIXME: setting the value returned by common_current_user()
// There should probably be a better method for this. common_set_user()
// does lots of session stuff.
global $_cur;
$_cur = $this->auth_user;
Event::handle('EndSetApiUser', array($user));
}
$msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " .
......
......@@ -20,7 +20,7 @@
if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
define('STATUSNET_BASE_VERSION', '1.0.0');
define('STATUSNET_LIFECYCLE', 'alpha2'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'
define('STATUSNET_LIFECYCLE', 'alpha5'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'
define('STATUSNET_VERSION', STATUSNET_BASE_VERSION . STATUSNET_LIFECYCLE);
define('LACONICA_VERSION', STATUSNET_VERSION); // compatibility
......
......@@ -108,6 +108,13 @@ class HTMLOutputter extends XMLOutputter
header('Content-Type: '.$type);
// Output anti-framing headers to prevent clickjacking (respected by newer
// browsers).
if (common_config('javascript', 'bustframes')) {
header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks
header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
}
$this->extraHeaders();
if (preg_match("/.*\/.*xml/", $type)) {
// Required for XML documents
......
......@@ -8922,7 +8922,7 @@ msgstr ""
"\n"
"%4$s\n"
"\n"
"Ne respondu al ĉi tiu retpoŝtadreso; respondo ne atingos lin.\n"
"Ne respondu al ĉi tiu retpoŝtadreso; respondo ne atingos lin."
#. TRANS: Subject for favorite notification e-mail.
#. TRANS: %1$s is the adding user's long name, %2$s is the adding user's nickname.
......
......@@ -140,6 +140,18 @@ msgstr "Пребарај групи"
msgid "No groups starting with %s."
msgstr "Нема групи што почнуваат на %s."
#. TRANS: Help text for searching group directory.
msgid ""
"* Make sure all words are spelled correctly.\n"
"* Try different keywords.\n"
"* Try more general keywords.\n"
"* Try fewer keywords."
msgstr ""
"* Проверете дали сите зборови се напишани како што треба.\n"
"* Обидете се со други клучни зборови.\n"
"* Обидете се со поопшти клучни зборови.\n"
"* Обидете се помалку клучни зборови."
#. TRANS: Menu item text for user directory.
msgctxt "MENU"
msgid "Directory"
......
......@@ -141,6 +141,18 @@ msgstr "Hanapin sa mga pangkat"
msgid "No groups starting with %s."
msgstr "Walang mga pangkat na nagsisimula sa %s."
#. TRANS: Help text for searching group directory.
msgid ""
"* Make sure all words are spelled correctly.\n"
"* Try different keywords.\n"
"* Try more general keywords.\n"
"* Try fewer keywords."
msgstr ""
"* Tiyakin na tama ang pagbabanghay ng lahat ng mga salita.\n"
"* Sumubok ng ibang mga susing-salita.\n"
"* Sumubok ng mas pangkalahatang mga susing-salita.\n"
"* Sumubok ng mas kakaunting mga susing-salita."
#. TRANS: Menu item text for user directory.
msgctxt "MENU"
msgid "Directory"
......
......@@ -120,6 +120,14 @@ class DomainStatusNetworkInstaller extends Installer
$this->sitehost = $config['DBHOST'];
$this->sitedb = $config['SITEDB'];
$tagstr = $config['TAGS'];
if (!empty($tagstr)) {
$this->tags = preg_split('/[\s,]+/', $tagstr);
} else {
$this->tags = array();
}
// Explicitly empty
$this->adminNick = null;
......@@ -185,7 +193,15 @@ class DomainStatusNetworkInstaller extends Installer
throw new ServerException("Created {$this->nickname} status_network and could not find it again.");
}
$sn->setTags(array('domain='.$this->domain));
// Set default tags
$tags = $this->tags;
// Add domain tag
$tags[] = 'domain='.$this->domain;
$sn->setTags($tags);
$this->sn = $sn;
}
......@@ -198,6 +214,21 @@ class DomainStatusNetworkInstaller extends Installer
StatusNet::switchSite($this->nickname);
// We need to initialize the schema_version stuff to make later setup easier
$schema = array();
require INSTALLDIR.'/db/core.php';
$tableDefs = $schema;
$schema = Schema::get();
$schemaUpdater = new SchemaUpdater($schema);
foreach ($tableDefs as $table => $def) {
$schemaUpdater->register($table, $def);
}
$schemaUpdater->checkSchema();
Event::handle('CheckSchema');
}
......
......@@ -18,3 +18,4 @@ export MAILSUBJECT="Your new StatusNet site"
export POSTINSTALL=/etc/statusnet/morestuff.sh
export WEBUSER=www-data
export WEBGROUP=www-data
export TAGS=tag1,tag2,tag3
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment