- 12 Aug, 2013 21 commits
-
-
mattl authored
The parent class for our database objects, Managed_DataObject, has a dynamically assigned class in staticGet which objects get put into, leaving us with less code to do the same thing. We will probably have to move away from the DB_DataObject 'staticGet' call as it is nowadays deprecated.
-
mattl authored
Compatibility: get_called_class is implemented in PHP >= 5.3.0
-
mattl authored
We always call staticGet statically, so we define it statically. Next step is to remove a bunch of definitions of 'staticGet' from classes that can instead fall back to a parent class in Managed_DataObject. The ampersand is removed as we're returning a class anyway, which does not need a reference (and when we return false, it means nothing).
-
mattl authored
-
mattl authored
It may be a bad experience for new users to be asked for their geographical position immediately when trying out the service. Instead, let them opt-in for this behaviour.
-
mattl authored
-
mattl authored
-
mattl authored
-
mattl authored
-
mattl authored
-
mattl authored
-
mattl authored
-
mattl authored
-
mattl authored
Issue 3636 request clarity for users without validated emails on instances with RequireValidatedEmail active
-
mattl authored
-
mattl authored
-
mattl authored
If you look at classes/User_group.php on line 412 in the current code, you can see that a call to $profile->getGroups() is made. This implies getGroups($offset=0, $limit=PROFILES_PER_PAGE) only giving a limited amount of groups. This means only the first 20 groups in an ascending numerical order by locally stored User_group->id will be addressable with the bangtag syntax. I solved this by making the getGroups() call to the same one made in Profile->isMember(), i.e. $profile->getGroups(0, null);
-
mattl authored
Issue #3125 at http://status.net/open-source/issues/3125 (and its duplicate 3127) describes buggy behaviour when trying to create a new group - i.e. the group is still created but with nickname NULL. The reason the group is created is that when failing Nickname::normalize, the function trySave() in actions/newgroup.php doesn't call 'return' - meaning it just keeps going despite the error thrown. So the simple solution to this bug was adding a return call at line 128, inside the catch just after the showForm(...) call.
-
mattl authored
Merge commit 'refs/merge-requests/230' of git://gitorious.org/statusnet/mainline into merge-requests/230
-
mattl authored
Now there's definitely no PHP4 support whatsoever, if there even was little of it before this commit.
-
mattl authored
This merges GNU Social with current development of StatusNet. The only conflicts were some documentation, where GNU Social's versions were retained. Conflicts: doc-src/about doc-src/faq plugins/OpenID/doc-src/openid
-
- 16 Jul, 2013 12 commits
-
-
Evan Prodromou authored
-
Evan Prodromou authored
-
Evan Prodromou authored
Conflicts: lib/framework.php
-
Evan Prodromou authored
-
Evan Prodromou authored
-
Joshua Wise authored
User::getTaggedSubscriptions() This change escapes the $tag argument to prevent a SQL injection attack in User::getTaggedSubscriptions(). The parameter was not escaped higher up the stack, so this vulnerability could be exploited.
-
Joshua Wise authored
This change escapes the argument to User::getTaggedSubscribers() to prevent SQL injection attacks. Both code paths up the stack fail to escape this parameter, so this is a potential SQL injection attack.
-
Joshua Wise authored
This patch escapes query parameters in Profile_tag::getTagged(). This is an extra security step; since these parameters come out of the database, it's unlikely that they would have dangerous data in them.
-
Joshua Wise authored
This change adds additional escapes for arguments to Profile_tag::moveTag(). The arguments are canonicalized in the API and Web UI paths higher up the stack, but this change makes sure that no other paths can introduce SQL injection errors.
-
Joshua Wise authored
This patch escapes the $tag parameter in Profile::getTaggedSubscribers(). The parameter is not escaped either in actions/subscriptions.php or in actions/apiuserfollowers.php. So there is a potential for SQL injection here.
-
Joshua Wise authored
This change escapes a parameter in Local_group::setNickname(). Review of the code paths that call this function sanitize the parameter higher up the stack, but it's escaped here to prevent mistakes later. Note that nickname parameters are normally alphanum strings, so there's not much danger in double-escaping them.
-
Joshua Wise authored
This change escapes a parameter in Local_group::setNickname(). Review of the code paths that call this function sanitize the parameter higher up the stack, but it's escaped here to prevent mistakes later. Note that nickname parameters are normally alphanum strings, so there's not much danger in double-escaping them.
-
- 30 Jun, 2013 2 commits
-
-
Evan Prodromou authored
-
Evan Prodromou authored
-
- 29 Jun, 2013 2 commits
-
-
Evan Prodromou authored
commit bd23a7da105d635414643dfcedd9c8f710d565b8
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 07:49:03 2013 -0400
Make the after flag work correctly
commit 5c5845a2f866f0bbffedd8e2e5d1f512f87d5329
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 06:14:43 2013 -0400
Add an 'after' flag for backup script
-
Evan Prodromou authored
commit bd23a7da105d635414643dfcedd9c8f710d565b8
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 07:49:03 2013 -0400
Make the after flag work correctly
commit 5c5845a2f866f0bbffedd8e2e5d1f512f87d5329
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 06:14:43 2013 -0400
Add an 'after' flag for backup script
-
- 26 Jun, 2013 3 commits
-
-
Evan Prodromou authored
-
Evan Prodromou authored
-
Evan Prodromou authored
-