- 22 Feb, 2016 1 commit
mattl authored
Evil forms on other websites could otherwise potentially be configured to have action="https://gnusocial.example/api/statuses/update.json" or whatever. XHR is already blocked with CORS stuff. Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
- 09 Oct, 2015 1 commit
mattl authored
- 27 Feb, 2015 1 commit
mattl authored
- 13 Feb, 2015 1 commit
mattl authored
- 31 Jan, 2015 1 commit
mattl authored
- 10 Nov, 2014 6 commits
- 15 Oct, 2013 1 commit
mattl authored
clientError and serverError exit after they're done so no need for break or return. Also, $this->format is default. We also got rid of the incredibly verbose version of $this->isPost() which was spread all over the place. Not all of this cleaning up is done yet.
- 14 Oct, 2013 2 commits
- 06 Oct, 2013 2 commits
- 09 Sep, 2013 3 commits
mattl authored
As a bonus I added type declaration on Profile_block::exists and Subscription::exists respectively.
mattl authored
mattl authored
getUser calls are much more strict, and one place where this was found was in the (un)subscribe start/end event handlers, which resulted in making the Subscription class a bit stricter, regarding ::start and ::cancel at least. Several minor fixes in many files were made due to this. This does NOT touch the Foreign_link function, which should also have a more strict getUser call. That is a future project.
- 18 Aug, 2013 1 commit
mattl authored
I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV:

sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq)

If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV!

This might of course take some getting used to, or modification of StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class).

Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
- 25 May, 2011 2 commits
Evan Prodromou authored
Evan Prodromou authored
- 01 Apr, 2011 1 commit
Siebrand Mazeland authored
Translator documentation updated. Superfluous whitespace removed. Some FIXMEs added.
- 21 Feb, 2011 1 commit
Evan Prodromou authored
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover Web login and API use. This will make it possible to prevent login and API use by users. I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using Profile::hasRight() when initializing users. If the rights check fails, I throw an exception. I created a new AuthorizationException class for this particular exception, in order to allow a different UI for these kinds of exceptions (or whatever).
- 20 Jan, 2011 2 commits
Zach Copley authored
Zach Copley authored
- 19 Jan, 2011 1 commit
Zach Copley authored
- 20 Oct, 2010 2 commits
Siebrand Mazeland authored
* translator documentation updated/added.
* superfluous whitespace removed.
Zach Copley authored
small DB tweak. Oauth_application_user needs to have the primary compound key: (profile_id, application_id, token). http://status.net/open-source/issues/2761 This should also make it possible to have multiple access tokens per application. http://status.net/open-source/issues/2788
- 19 Oct, 2010 1 commit
Zach Copley authored
- 13 Sep, 2010 1 commit
Siebrand Mazeland authored
* remove superfluous whitespace
- 16 Jul, 2010 1 commit
Zach Copley authored
- 27 May, 2010 1 commit
Craig Andrews authored
- 08 May, 2010 2 commits
Zach Copley authored
Zach Copley authored
- 07 May, 2010 1 commit
Zach Copley authored
- 22 Apr, 2010 1 commit
Zach Copley authored
- 10 Apr, 2010 2 commits
Siebrand Mazeland authored
Siebrand Mazeland authored
- 26 Mar, 2010 1 commit
Zach Copley authored
Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required.