GitLab

Changed .attr() to .prop() for checked and disabled. Removed "style" removal which I assume was tied to opacity setting on line 9. Replaced "style" setting via attr() on line 12 with css().

Changed bind() and live() to on(). Changed .attr() to .prop() for checked and disabled. Shortcut for (document).ready(). This is the first attempt to convert live() elements to on() according to http://api.jquery.com/live/.

Putting in functionality so that sites with the "Sometimes" SSL setting allow for users with plugins such as HTTPSEVERYWHERE who wish to use HTTPS to do so without having errors pop up. Specifically this references this issue: http://status.net/open-source/issues/3855#comment-48988.

(Port detection test removed by MMN-o. Also switched order on the test for
isHTTPS/SensitiveAction.)

As a bonus I added type declaration on Profile_block::exists and
Subscription::exists respectively.

getUser calls are much more strict, and one place where this was found was
in the (un)subscribe start/end event handlers, which resulted in making the
Subscription class a bit stricter, regarding ::start and ::cancel at least.
Several minor fixes in many files were made due to this.

This does NOT touch the Foreign_link function, which should also have a more
strict getUser call. That is a future project.

$this->scoped is the currently active profile, which is intended
to replace the $user object in the long run...

Cutting down on a bunch of redundant code. We're reusing a lot of stuff
from FormAction and Action now instead of having copies of code all over.

Action extended classes now can set 'needLogin' as a protected property,
which is defaulted to 'false'. However, FormAction defaults this to 'true'
because most of the form actions will require a current login to be valid.

NewgroupAction, NewmessageAction, NewnoticeAction are all affected by this
commit and in the future we will migrate each potential formaction to the
proper class parent tree. :)

Also added a needLogin function to the Action class, which will do
redirect to login page with proper returnto setting.

otherwise we don't do csrf checking etc...

There are still several improvements which can be made, such as not
having an entirely separate setup of ajax form functions. Instead
those should be implemented in FormAction. But at least now we got
rid of the redundant code use in prepare/handle.

Also, there is no need to do 'return' after throwing a ClientError
Exception. And we'll use the Action->clientError for logging benefits
until the error handling is properly done all the way to backend.

Had to change Action function 'prepare' to 'protected', as you can't
(of course) protect something that's been public in a parent class. The
other way around seems fine for PHP... Eventually all actions will have
protected 'prepare' (use execute/run)

A feature of the previously fixed initialization of Action classes, is
that we now have $this->scoped which is the current profile in use. As
of now that is always a local User, except the corresponding Profile
object.

Also, instead of calling 'showForm' everywhere, in case of an error we
just throw an exception of some sort and pass the message along there.

I've also introduced in FormAction the 'showInstructions' function in
order to get a unified instructions/info/error display method.

TODO: Improve info/error message handling, and what/when/where to show.

FormAction will act as a parent class to Action classes that use forms
of various sorts, such as newgroup creation, settings actions etc.

Action classes can now be run by calling the static function 'run'.
Eventually actions will be migrated so most functionality gets put
into parent classes, and the children don't have to have as much
duplicate code as they have now.

Commit message edited by MMN-o (User_username schemaDef already patched).

These aren't ready for production use. Might be insecure, probably broken.

lib/plugin.php now has a parent onAutoload function that finds most common
files that are used in plugins (actions, dataobjects, forms, libs etc.) if
they are put in the standardised directories ('actions', 'classes', 'forms',
'lib' and perhaps some others in the future).

There are still some classes not ported (like Yammer import)

These extensions are not considered secure nor stable right now, so don't
use them for a while.

In commit e95f77d3 HubSub lost the
'staticGet' function in a consolidation into the Managed_DataObject class.
This was done carelessly by me as HubSub::staticGet was actually taking
two arguments, none of which was a key and merging them in HubSub::hashkey()
(staticGet was renamed getKV 2a4dc77a).

NOTE: This complements commit 7e4718a4 which
fixed a similar issue for the Magicsig class.

Lots of the Memcached_DataObject classes stopped working when upgraded to
Managed_DataObject because they lacked schemaDef().

I have _hopefully_ made it so that all the references to the table uses
each class' schemaDef, rather than the more manual ColumnDef stuff. Not
all plugins have been tested thoroughly yet.

NOTE: This is applied with getKV calls instead of staticGet, as it was
important for PHP Strict Standards compliance to avoid calling the non-
static functions statically. (unfortunately DB and DB_DataObject still do
this within themselves...)

Validate could probably be replaced with filter_var if desired (PHP>=5.2.0)