Michael Vogel
c6d647b8df
Merge pull request #9540 from MrPetovan/bug/9538-security-blind-attack-username
...
Escape contact names in several HTML snippets/jQuery insert contexts
2020-11-18 00:20:43 +01:00
096cb19d12
Suppress notice when causer-id exists but not causer-link in Model\Item::isAllowedByUser
...
- Address https://github.com/friendica/friendica/issues/9252#issuecomment-723440980
2020-11-17 18:06:16 -05:00
260b9e7bd3
Improve expectation for not modified check in theme/vier/style
...
- Address https://github.com/friendica/friendica/issues/9252#issuecomment-721994406
2020-11-17 18:01:03 -05:00
ccad67c68f
Use correct contact key in Protocol\ActivityPub\Transmitter
...
- Address https://github.com/friendica/friendica/issues/9252#issuecomment-719866843
2020-11-17 17:59:39 -05:00
93380b8471
Suppress notice while logging in Model\Contact
...
- Address https://github.com/friendica/friendica/issues/9252#issuecomment-716042132
2020-11-17 17:57:37 -05:00
283b70928d
Remove top-level parent check from Protocol\OStatus
...
- It's done in Item::insert instead
- Address part of https://github.com/friendica/friendica/issues/9252#issuecomment-729171051
2020-11-17 17:54:07 -05:00
54aef550c5
Remove superfluous mentions of parent-uri in Protocol\Diaspora
...
- Address part of https://github.com/friendica/friendica/issues/9252#issuecomment-729171051
2020-11-17 17:54:07 -05:00
5668192f38
Moved table definition
2020-11-17 22:49:55 +00:00
7615c022be
Improved logging
2020-11-17 22:41:53 +00:00
219c651289
Removed test logging
2020-11-17 22:38:52 +00:00
eaa58da25b
New table "post-user" and more foreign keys
2020-11-17 22:33:44 +00:00
b2666e7794
Escape user name in introduction fields help text
...
- HTML help text aren't escaped in the template
# Conflicts:
# src/Module/Notifications/Introductions.php
2020-11-16 18:21:11 -05:00
bbd3e44bb2
Escape user names in notifications
...
- The HTML notification message interpolation is unfiltered by the template
# Conflicts:
# mod/ping.php
2020-11-16 18:20:23 -05:00
b2c4116357
Replace JQuery .text by .html
...
- Prevents inserting unescaped HTML in page
2020-11-16 18:19:24 -05:00
ba0d3b2435
Merge pull request #9537 from annando/item-lock
...
Fallback to database lock if locking fails
2020-11-16 16:05:24 -05:00
deb6b7a7c3
Fallback to database lock if locking fails
2020-11-16 19:46:20 +00:00
a69c98e32f
Merge pull request #9535 from annando/ap-relay
...
Relay code reworked to support AP delivery
2020-11-15 20:27:08 -05:00
0384bf3e76
Relay code reworked to support AP delivery
2020-11-15 23:28:05 +00:00
Michael Vogel
42be636118
Merge pull request #9515 from MrPetovan/task/9464-block-replies
...
Reject replies when author is blocked by thread owner
2020-11-15 18:44:48 +01:00
682b9c24f8
Update database.sql with the latest structure changes
2020-11-15 11:42:46 -05:00
Michael Vogel
64ce43cdef
Merge pull request #9534 from MrPetovan/bug/smilies-image-description
...
Prevent image descriptions from being replaced by local smilies
2020-11-15 07:21:27 +01:00
dbb33399bc
Prevent image descriptions from being replaced by local smilies
...
- AP-received emojis have their code in the image description
2020-11-15 00:12:26 -05:00
b5d3fcb8d4
Move top-level permission check outside of Model\Item::getTopLevelParentData
...
- It wasn't checked when the direct parent was also the top-level parent
2020-11-14 10:11:26 -05:00
cb963a3259
Retrieve local top level parent item separately to check permissions in Model\Item::getTopLevelParentData
2020-11-14 10:11:26 -05:00
c98da63041
[Database version 1375] Add update method to populate missing item.thr-parent values
2020-11-14 10:11:26 -05:00
2e7c505ac0
Revert wrong item.thr-parent field usage in Protocol\OStatus
2020-11-14 10:08:52 -05:00
042f6b98ac
Remove unnecessary data array assignment in Protocol\Feed
2020-11-14 10:08:51 -05:00
5ce8cc24de
Clarify parameter type in DFRN::mail
2020-11-14 10:08:51 -05:00
ff66633a44
Remove references to item.parent-uri in Worker\OnePoll
2020-11-14 10:08:51 -05:00
a9d114316d
Ensure the parent field isn't set during Item insertion
...
- Avoid a database error if a null value is provided
2020-11-14 10:08:51 -05:00
c36ca3cffe
Fix null value for item.parent column
2020-11-14 10:08:51 -05:00
d3708cf1c2
Fix wrong variable use in Model\Item::getTopLevelParent
...
- It was preventing items at levels 3 and beyond to be inserted
- Logging for missing top level parent has been bumped to notice
2020-11-14 10:08:51 -05:00
eebcf1ae86
Separate $parent_item and $toplevel_item in mod/item
2020-11-14 10:08:51 -05:00
355cd401ae
Replace uri fields conditions by gravity condition in Model\Item::insert
2020-11-14 10:08:51 -05:00
ffc364f2a4
Reject replies when author is blocked by thread owner in Model\Item::insert
...
- Move user-level item permission to Model\Item::isAllowedByUser
- Add user-level check for comments on top-level item
2020-11-14 10:08:50 -05:00
5e76def1ff
Clarify item.parent-uri use in database field comment
2020-11-14 10:08:50 -05:00
0f2a5daf09
Replace confusing uses of item.parent-uri with expected item.thr-parent
2020-11-14 10:08:50 -05:00
0c3a5c815e
Remove obsolete references to item.parent-uri
2020-11-14 10:08:50 -05:00
d7e1ce47bb
Use item.thr-parent as expected in Model\Item::insert()
...
- Rework Model\Item::getTopLevelParent
- Backward compatibility with item.parent-uri is ensured
2020-11-14 10:08:50 -05:00
37a122bf7c
Merge pull request #9532 from Quix0r/fixes/pconfig-k-cat-varchar
...
Some fixes: not needed varbinary and missing UPDATE::SUCCESS
2020-11-14 10:03:22 -05:00
c4a20613a8
Ops!
...
Signed-off-by: Roland Häder <roland@mxchange.org>
2020-11-14 15:50:50 +01:00
32e9a4d4d7
Some fixes:
...
- varbinary() is not needed when clear-text words like 'xmpp' are used for them,
it also hinders using external tools like Adminer/phpMyAdmin to search for
them as e.g. Adminer wraps a HEX() call (SQL) around `k` and `cat` (see table
`pconfig`)
- added missing UPDATE::SUCCESS
Signed-off-by: Roland Häder <roland@mxchange.org>
2020-11-14 15:29:41 +01:00
490ce976c1
Merge pull request #9531 from annando/fatal
...
Check for empty body to prevent a fatal error
2020-11-12 13:41:26 -05:00
ae363b74ad
Check for empty body to prevent a fatal error
2020-11-12 16:52:55 +00:00
6dee10f340
Merge pull request #9530 from annando/fatal
...
Fix fatal errors
2020-11-12 07:57:53 -05:00
36c65643fb
Fix fatal errors
2020-11-12 05:17:48 +00:00
Michael Vogel
acae3df0a2
Merge pull request #9526 from MrPetovan/bug/9525-mastodon-emojis-tag
...
Restore expected implementation of JsonLD::fetchElementArray
2020-11-12 05:47:46 +01:00
a8f16788f4
Prevent multiple replacements for the same emoji in Protocol\ActivityPub\Processor::replaceEmojis
2020-11-11 18:28:26 -05:00
d7ea4ea425
Merge pull request #9529 from annando/api-not-found
...
API: Not implemented stuff should return 404
2020-11-11 16:15:24 -05:00
5598f7d6ba
Fix test
2020-11-11 20:49:34 +00:00