Commit graph

29192 commits

Author SHA1 Message Date
Michael Vogel
c6d647b8df
Merge pull request #9540 from MrPetovan/bug/9538-security-blind-attack-username
Escape contact names in several HTML snippets/jQuery insert contexts
2020-11-18 00:20:43 +01:00
096cb19d12 Suppress notice when causer-id exists but not causer-link in Model\Item::isAllowedByUser
- Address https://github.com/friendica/friendica/issues/9252#issuecomment-723440980
2020-11-17 18:06:16 -05:00
260b9e7bd3 Improve expectation for not modified check in theme/vier/style
- Address https://github.com/friendica/friendica/issues/9252#issuecomment-721994406
2020-11-17 18:01:03 -05:00
ccad67c68f Use correct contact key in Protocol\ActivityPub\Transmitter
- Address https://github.com/friendica/friendica/issues/9252#issuecomment-719866843
2020-11-17 17:59:39 -05:00
93380b8471 Suppress notice while logging in Model\Contact
- Address https://github.com/friendica/friendica/issues/9252#issuecomment-716042132
2020-11-17 17:57:37 -05:00
283b70928d Remove top-level parent check from Protocol\OStatus
- It's done in Item::insert instead
- Address part of https://github.com/friendica/friendica/issues/9252#issuecomment-729171051
2020-11-17 17:54:07 -05:00
54aef550c5 Remove superfluous mentions of parent-uri in Protocol\Diaspora
- Address part of https://github.com/friendica/friendica/issues/9252#issuecomment-729171051
2020-11-17 17:54:07 -05:00
5668192f38 Moved table definition 2020-11-17 22:49:55 +00:00
7615c022be Improved logging 2020-11-17 22:41:53 +00:00
219c651289 Removed test logging 2020-11-17 22:38:52 +00:00
eaa58da25b New table "post-user" and more foreign keys 2020-11-17 22:33:44 +00:00
b2666e7794 Escape user name in introduction fields help text
- HTML help text aren't escaped in the template

# Conflicts:
#	src/Module/Notifications/Introductions.php
2020-11-16 18:21:11 -05:00
bbd3e44bb2 Escape user names in notifications
- The HTML notification message interpolation is unfiltered by the template

# Conflicts:
#	mod/ping.php
2020-11-16 18:20:23 -05:00
b2c4116357 Replace JQuery .text by .html
- Prevents inserting unescaped HTML in page
2020-11-16 18:19:24 -05:00
ba0d3b2435
Merge pull request #9537 from annando/item-lock
Fallback to database lock if locking fails
2020-11-16 16:05:24 -05:00
deb6b7a7c3 Fallback to database lock if locking fails 2020-11-16 19:46:20 +00:00
a69c98e32f
Merge pull request #9535 from annando/ap-relay
Relay code reworked to support AP delivery
2020-11-15 20:27:08 -05:00
0384bf3e76 Relay code reworked to support AP delivery 2020-11-15 23:28:05 +00:00
Michael Vogel
42be636118
Merge pull request #9515 from MrPetovan/task/9464-block-replies
Reject replies when author is blocked by thread owner
2020-11-15 18:44:48 +01:00
682b9c24f8 Update database.sql with the latest structure changes 2020-11-15 11:42:46 -05:00
Michael Vogel
64ce43cdef
Merge pull request #9534 from MrPetovan/bug/smilies-image-description
Prevent image descriptions from being replaced by local smilies
2020-11-15 07:21:27 +01:00
dbb33399bc Prevent image descriptions from being replaced by local smilies
- AP-received emojis have their code in the image description
2020-11-15 00:12:26 -05:00
b5d3fcb8d4 Move top-level permission check outside of Model\Item::getTopLevelParentData
- It wasn't checked when the direct parent was also the top-level parent
2020-11-14 10:11:26 -05:00
cb963a3259 Retrieve local top level parent item separately to check permissions in Model\Item::getTopLevelParentData 2020-11-14 10:11:26 -05:00
c98da63041 [Database version 1375] Add update method to populate missing item.thr-parent values 2020-11-14 10:11:26 -05:00
2e7c505ac0 Revert wrong item.thr-parent field usage in Protocol\OStatus 2020-11-14 10:08:52 -05:00
042f6b98ac Remove unnecessary data array assignment in Protocol\Feed 2020-11-14 10:08:51 -05:00
5ce8cc24de Clarify parameter type in DFRN::mail 2020-11-14 10:08:51 -05:00
ff66633a44 Remove references to item.parent-uri in Worker\OnePoll 2020-11-14 10:08:51 -05:00
a9d114316d Ensure the parent field isn't set during Item insertion
- Avoid a database error if a null value is provided
2020-11-14 10:08:51 -05:00
c36ca3cffe Fix null value for item.parent column 2020-11-14 10:08:51 -05:00
d3708cf1c2 Fix wrong variable use in Model\Item::getTopLevelParent
- It was preventing items at levels 3 and beyond to be inserted
- Logging for missing top level parent has been bumped to notice
2020-11-14 10:08:51 -05:00
eebcf1ae86 Separate $parent_item and $toplevel_item in mod/item 2020-11-14 10:08:51 -05:00
355cd401ae Replace uri fields conditions by gravity condition in Model\Item::insert 2020-11-14 10:08:51 -05:00
ffc364f2a4 Reject replies when author is blocked by thread owner in Model\Item::insert
- Move user-level item permission to Model\Item::isAllowedByUser
- Add user-level check for comments on top-level item
2020-11-14 10:08:50 -05:00
5e76def1ff Clarify item.parent-uri use in database field comment 2020-11-14 10:08:50 -05:00
0f2a5daf09 Replace confusing uses of item.parent-uri with expected item.thr-parent 2020-11-14 10:08:50 -05:00
0c3a5c815e Remove obsolete references to item.parent-uri 2020-11-14 10:08:50 -05:00
d7e1ce47bb Use item.thr-parent as expected in Model\Item::insert()
- Rework Model\Item::getTopLevelParent
- Backward compatibility with item.parent-uri is ensured
2020-11-14 10:08:50 -05:00
37a122bf7c
Merge pull request #9532 from Quix0r/fixes/pconfig-k-cat-varchar
Some fixes: not needed varbinary and missing UPDATE::SUCCESS
2020-11-14 10:03:22 -05:00
c4a20613a8
Ops!
Signed-off-by: Roland Häder <roland@mxchange.org>
2020-11-14 15:50:50 +01:00
32e9a4d4d7
Some fixes:
- varbinary() is not needed when clear-text words like 'xmpp' are used for them,
  it also hinders using external tools like Adminer/phpMyAdmin to search for
  them as e.g. Adminer wraps a HEX() call (SQL) around `k` and `cat` (see table
  `pconfig`)
- added missing UPDATE::SUCCESS

Signed-off-by: Roland Häder <roland@mxchange.org>
2020-11-14 15:29:41 +01:00
490ce976c1
Merge pull request #9531 from annando/fatal
Check for empty body to prevent a fatal error
2020-11-12 13:41:26 -05:00
ae363b74ad Check for empty body to prevent a fatal error 2020-11-12 16:52:55 +00:00
6dee10f340
Merge pull request #9530 from annando/fatal
Fix fatal errors
2020-11-12 07:57:53 -05:00
36c65643fb Fix fatal errors 2020-11-12 05:17:48 +00:00
Michael Vogel
acae3df0a2
Merge pull request #9526 from MrPetovan/bug/9525-mastodon-emojis-tag
Restore expected implementation of JsonLD::fetchElementArray
2020-11-12 05:47:46 +01:00
a8f16788f4 Prevent multiple replacements for the same emoji in Protocol\ActivityPub\Processor::replaceEmojis 2020-11-11 18:28:26 -05:00
d7ea4ea425
Merge pull request #9529 from annando/api-not-found
API: Not implemented stuff should return 404
2020-11-11 16:15:24 -05:00
5598f7d6ba Fix test 2020-11-11 20:49:34 +00:00