1. 28 Dec, 2010 1 commit
    • Prevent group creation by silenced users. · d3d97974
      Brion Vibber authored
      * adds Right::CREATEGROUP
      * logic in Profile::hasRight() checks for silencing
      * NewgroupAction checks for the permission before letting you see or process the form in the UI
      * User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
  2. 20 Dec, 2010 3 commits
  3. 13 Dec, 2010 1 commit
    • TwitterBridge: partial merge of id_str usage from 0.9.x for improved 32-bit... · 39cad557
      Brion Vibber authored
      TwitterBridge: partial merge of id_str usage from 0.9.x for improved 32-bit and pre-5.2.10 compatibility. (on 64-bit in 5.2.6 we can pull the integer IDs, but silently lose some precision on the end.)
      
      Fixes for Twitter bridge breakage on 32-bit servers. New "Snowflake" 64-bit IDs have become too big to fit in the integer portion of double-precision floats, so to reliably use these IDs we need to pull the new string form now.
      Machines with 64-bit PHP installation should have had no problems (except on Windows, where integers are still 32 bits)
      
      Conflicts:
      
      	plugins/TwitterBridge/twitterimport.php <- as this hasn't been broken out, the import code is NOT FULLY UPDATED HERE.
  4. 10 Dec, 2010 2 commits
    • Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled. · 3f9b8b29
      Brion Vibber authored
      Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
      Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
      Registering a shutdown function lets us explicitly close out the session before everything gets torn down.
    • extlibs updates: PEAR::Mail to 1.2.0, PEAR::Net_SMTP to 1.4.2 (need to go together as a pair) · 65f2d12b
      Brion Vibber authored
      PEAR::Mail updated to 1.2.0 from 1.1.4, fixes deprecation warnings on PHP 5.3, as well as:
      1.2.0:
      • QA release - stable.
      • Updated minimum dependencies (Net_SMTP, PEAR, PHP)
      • Doc Bug #15620 Licence change to BSD
      • Bug #13659 Mail parse error in special condition
      • Bug #16200 - Security hole allow to read/write Arbitrary File
      • _hasUnclosedQuotes() doesn't properly handle a double slash before an end quote (slusarz@curecanti.org, Bug #9137).
      • Make sure Net_SMTP is defined when calling getSMTPObject() directly (slusarz@curecanti.org, Bug #13772).
      • Add addServiceExtensionParameter() to the SMTP driver (slusarz@curecanti.org, Bug #13764).
      • Add a method to obtain the Net_SMTP object from the SMTP driver (slusarz@curecanti.org, Bug #13766).
      
      PEAR::Net_SMTP updated to 1.4.2 from 1.3.1, needed to support updated PEAR::Mail:
      1.4.2:
      • Fixing header string quoting in data(). (Bug #17199)
      1.4.1:
      • The auth() method now includes an optional $tls parameter that determines whether or not TLS should be attempted (if supported by the PHP runtime and the remote SMTP server). This parameter defaults to true. (Bug #16349)
      • Header data can be specified separately from message body data by passing it as the optional second parameter to ``data()``. This is especially useful when an open file resource is being used to supply message data because it allows header fields (like *Subject:*) to be built dynamically at runtime. (Request #17012)
      1.4.0:
      • The data() method now accepts either a string or a file resource containing the message data. (Request #16962)
      1.3.4:
      • All Net_Socket write failures are now recognized. (Bug #16831)
      1.3.3:
      • Added getGreeting(), for retrieving the server's greeting string. (Request #16066) [needed for PEAR::Mail]
      • We no longer attempt a TLS connection if we're already using a secure socket. (Bug #16254)
      • You can now specify a debug output handler via setDebug(). (Request #16420)
      1.3.2:
      • TLS connection only gets started if no AUTH methods are sent. (Bug #14944)
  5. 09 Dec, 2010 1 commit
    • Tweak to PiwikAnalytics plugin to help browsers to pre-load piwik.js, may... · 51616121
      Brion Vibber authored
      Tweak to PiwikAnalytics plugin to help browsers to pre-load piwik.js, may shave a little off load time.
      
      Piwik's current default recommended JS for loading creates a <script> tag via document.write(). In addition to being generally evil, this means the browser doesn't know it's going to need piwik.js until that chunk of script gets executed... which can't happen until all scripts referenced *before* it have been loaded and executed.
      
      The only reason for that bit of script though seems to be to pick 'http' or 'https' depending on the current page's scheme. This can be done more simply by using a protocol-relative link (eg "//piwik.status.net/piwik.js"), which the browser will resolve as appropriate. Since it's now sitting in the <script> tag, the browser's lookahead code will now see it and be able to start loading it while earlier things are parsing/executing.
      May be better still to move to an asynchronous load after DOM-ready, but I'm not sure if that'll screw with the analytics code (eg, not being able to start things on the DOM-ready events since they're past).
  6. 08 Dec, 2010 3 commits
    • Mapstraction plugin: use minified sources for OpenLayers · 26bd15ec
      Brion Vibber authored
      The default full build of OpenLayers.js is 943kb as of 2.10; this gzips down to a couple hundred kb
      but is still rather nasty, plus loading it off a remote host could slow things down.
      
      Using a local copy let us cut down the size significantly by discarding unused features, and further
      minification with yui-compressor shaves a bit more off. Cuts down to about 1/5 the size of the
      original.
      
      Also threw in a bundled & minified copy of the Mapstraction classes plus our usermap.js,
      which covers the common case of using the default OpenLayers provider. This cuts out three
      additional script loads, two of which weren't getting launched until after the mxn.js main
      file got loaded.
    • Create a bundled & minified JS file for Mapstraction's common case (using... · fb315c6f
      Brion Vibber authored
      Create a bundled & minified JS file for Mapstraction's common case (using OpenLayers); this'll avoid waiting on additional script loads for mxn.core.js and mxn.openlayers.core.js, and removes the need to load usermap.js separately as well.
    • Add stripped and minified local copy of OpenLayers 2.10, about 1/5 the size of the full version. · 34569017
      Brion Vibber authored
      Included Makefile will recreate the OpenLayers.js using the statusnet.cfg strip configuration file
      and yui-compressor to do some extra minification at the end. Requires fetching the OpenLayers
      source download and dropping it in:
      
      http://openlayers.org/download/OpenLayers-2.10.tar.gz
  7. 07 Dec, 2010 2 commits
  8. 06 Dec, 2010 5 commits
  9. 30 Nov, 2010 6 commits
  10. 26 Nov, 2010 1 commit
  11. 22 Nov, 2010 4 commits
  12. 20 Nov, 2010 2 commits
  13. 19 Nov, 2010 5 commits
    • Ticket #2724: gracefully handle attempts to delete or fave/unfave a remote... · 94f2f96f
      Brion Vibber authored
      Ticket #2724: gracefully handle attempts to delete or fave/unfave a remote Twitter notice if a failure occurs.
      
      Most annoying error case being where the notice was already faved or deleted on Twitter! :)
      Such errors will now just fail out and log a note to the syslog -- the rest of what we were doing will continue on unhindered, so you can still delete, favorite, etc and it just won't sync the info over in that case.
    • Ticket #2796: don't allow arbitrary overriding of the 'action' class and other... · 4193a826
      Brion Vibber authored
      Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper.
      
      This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.
    • Ticket #1987: support since_id on API notice search methods. · ca55d6c5
      Brion Vibber authored
      max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
    • Ticket #2441: fix deletion of avatars when a profile is deleted. · 4b01dd8b
      Brion Vibber authored
      Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
    • Ticket #2899: clean up inbox/outbox DM form a bit: · d9619258
      Brion Vibber authored
      - "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing likelihood of accidentally sending a message to the wrong person.
      - When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'
      
      In both cases, attempting to send when the default is selected displays an error message.
      I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
  14. 18 Nov, 2010 2 commits
  15. 16 Nov, 2010 2 commits