GitLab

Hotpatch for infinite redirection-following loop seen processing URLs to http://clojure.org/ -- if we end up with an unstable redirect target (final item in a redirect chain ends up redirecting us somewhere else when we visit it again), just save the last version we saw instead of trying to start over.

Pretty much everything in File and File_redirection initial processing needs to be rewritten to be non-awful; this code is very hard to follow and very easy to make huge bugs. A fair amount of the complication is probably obsoleted by the redirection following being built into HTTPClient now.

This reverts commit f9860920.

Revert "Locale switch cleanup: use common_switch_locale() which is safer for updating gettext state. Also moved a few calls to reduce chance of hitting an exception before switching back."

This reverts commit 74a89b1f.

- Use FQL to check for publish stream permission instead of old REST API
- Better error handling, especially for error code 100
- More logging / better log messages

Handle funky notice deletion cases more gracefully: if we already have a deleted_notice entry, don't freak out when we try to save it again on the second try.

Hotpatch for Facebook mirror problems: drop messages when hitting rate limit (err 341) instead of retrying forever. On unknown errors, now throwing an exception so it'll hit the message retry limits.

Must be set to a value that matches one of the entries in $config['queue']['stomp_server'] array, otherwise ignored.

Disable SSL peer/hostname verification for HTTPClient unless we've configured a trusted CA bundle like this: $config['http']['ssl_cafile'] = '/usr/lib/ssl/certs/ca-certificates.crt';
The previous state was failing on all HTTPS hits due to HTTP_Request2 library turning on the validation check but not specifying a CA file.

Added block link to subscription notification emails; block action can now take a profile ID on the URL; added profile details to block page so there's an indication of who you're blocking before you pull the trigger.

Fixed typo in RedirectingAction when no return-to data provided in form submission.
RedirectingAction::returnToArgs() has been renamed to returnToPrevious() to avoid conflict with Action::returnToArgs() which returns arguments to be passed to other actions as return-to arguments. All callers should now be updated.
More profile settings actions will now redirect through a login form if visited as a GET request, as would be expected from a bookmark, link sent in e-mail etc.

Quick fix for creating OpenID accounts authenticating against a MediaWiki site; trim the 'User:' etc from the final path segment before generating a nickname from it. Avoids ending up with nicks like 'userbrion' on your first OpenID login!

Add config option for RequireValidatedEmail plugin to skip the check for folks with a trusted OpenID association.
Also added an event that other plugins or local config can use to override the checks.

facebook posting code.

Locale switch cleanup: use common_switch_locale() which is safer for updating gettext state. Also moved a few calls to reduce chance of hitting an exception before switching back.
Should help with problems where xmppdaemon would get stuck in wrong locale.

attribution
- Remove stray break statement from NoticeList

Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in.
The forms would already submit to SSL, but people are happier if they start on a secure page!

Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo!

Previously was using the reply-to URL, which didn't match with other displays.
Now sends to the right conversation page.

Added a comment that the writable directory checks are insufficient to catch ACL problems on Windows; need a better check for that.