Merge remote-tracking branch 'upstream/master' into contact-discovery
This commit is contained in:
commit
037cf01a15
42
CHANGELOG
42
CHANGELOG
|
@ -1,17 +1,20 @@
|
||||||
Version 2019.06 (UNRELEASED) (2019-06-?)
|
Version 2019.06 (2019-06-23)
|
||||||
Friendica Core:
|
Friendica Core:
|
||||||
Update to the tranlation (CS, DE, ET, PL, PT-BR, SV) [translation teams]
|
Update to the tranlation (CS, DE, EN-GB, EN-US, ET, FR, IT, PL, PT-BR, SV) [translation teams]
|
||||||
Update to the documentation [nupplaphil, realkinetix]
|
Update to the documentation [nupplaphil, realkinetix, MrPetovan]
|
||||||
Update to the themes (frio, vier) [BinkaDroid, MrPetovan, tobiasd]
|
Update to the themes (frio, vier) [BinkaDroid, MrPetovan, tobiasd]
|
||||||
Enhancements to the API [annando, MrPetovan]
|
Enhancements to the API [annando, MrPetovan]
|
||||||
Enhancements to the way reshares are handled [annando]
|
Enhancements to the way reshares are handled [annando]
|
||||||
Enhancements to the redis configuration [nupplaphil]
|
Enhancements to the redis configuration [nupplaphil]
|
||||||
Enhancements to the federation stats display in the admin panel [tobiasd]
|
Enhancements to the federation stats display in the admin panel [tobiasd]
|
||||||
Enhancements to the processing of changed storage engine [MrPetovan]
|
Enhancements to the processing of changed storage engine [MrPetovan]
|
||||||
|
Enhancements to ActivityPub support [annando, MrPetovan]
|
||||||
|
Enhancements to code security [MrPetovan]
|
||||||
|
Enhancements to delivery counter [annando]
|
||||||
Fixed the notification order [JeroenED]
|
Fixed the notification order [JeroenED]
|
||||||
Fixed the timezone of Friendica logs [nupplaphil]
|
Fixed the timezone of Friendica logs [nupplaphil]
|
||||||
Fixed tag completion painfully slow [AlfredSK]
|
Fixed tag completion painfully slow [AlfredSK]
|
||||||
Fixed a regression in notifications [MrPetovan]
|
Fixed a regression in notifications [MrPetovan, annando]
|
||||||
Fixed an issue with smilies and code blocks [MrPetovan]
|
Fixed an issue with smilies and code blocks [MrPetovan]
|
||||||
Fixed an AP issue with unavailable local profiles [MrPetovan]
|
Fixed an AP issue with unavailable local profiles [MrPetovan]
|
||||||
Fixed an issue with the File to Folder feature [MrPetovan]
|
Fixed an issue with the File to Folder feature [MrPetovan]
|
||||||
|
@ -20,34 +23,55 @@ Version 2019.06 (UNRELEASED) (2019-06-?)
|
||||||
Fixed an issue occuring when the BasePath was not set [tobiasd]
|
Fixed an issue occuring when the BasePath was not set [tobiasd]
|
||||||
Fixed an issue with additionally opened Sessions [MrPetovan]
|
Fixed an issue with additionally opened Sessions [MrPetovan]
|
||||||
Fixed an issue with legacy loglevel mapping [nupplaphil]
|
Fixed an issue with legacy loglevel mapping [nupplaphil]
|
||||||
|
Fixed contact suggestions [annando]
|
||||||
|
Fixed an issue with frio hovercard [nupplaphil]
|
||||||
|
Fixed event interaction federation [annando]
|
||||||
|
Fixed remote image permission [deantownsley]
|
||||||
General Code cleaning and restructuring [annando, nupplaphil, tobiasd]
|
General Code cleaning and restructuring [annando, nupplaphil, tobiasd]
|
||||||
Added frio color scheme sharing [JeroenED]
|
Added frio color scheme sharing [JeroenED]
|
||||||
Added syslog and stream Logger [nupplaphil]
|
Added syslog and stream Logger [nupplaphil]
|
||||||
Added storage move cronjob [MrPetovan]
|
Added storage move cronjob [MrPetovan]
|
||||||
Added collapsible panel for connector permission fields [MrPetovan]
|
Added collapsible panel for connector permission fields [MrPetovan]
|
||||||
Added rule-based router [MrPetovan]
|
Added rule-based router [MrPetovan]
|
||||||
Added Estinian translation [Rain Hawk]
|
Added Estonian translation [Rain Hawk]
|
||||||
Added APCu caching [nupplaphil]
|
Added APCu caching [nupplaphil]
|
||||||
Added BlockServer command to the Friendica console [nupplaphil]
|
Added BlockServer command to the Friendica console [nupplaphil]
|
||||||
|
Added reshare count [annando]
|
||||||
|
Added rule-based router [MrPetovan, nupplaphil]
|
||||||
|
Added themed error pages with mascot [MrPetovan, lostinlight]
|
||||||
|
Added contact relationship filter [MrPetovan]
|
||||||
Removed the old queue mechanism (deferred workers are now used) [annando]
|
Removed the old queue mechanism (deferred workers are now used) [annando]
|
||||||
Removed BasePath and Hostname settings from the admin panel [nupplaphil]
|
Removed BasePath and Hostname settings from the admin panel [nupplaphil]
|
||||||
|
Remove support for defunct F-Droid Friendica app [MrPetovan]
|
||||||
|
|
||||||
Friendica Addons:
|
Friendica Addons:
|
||||||
Update to the tranlation (ET, SV, ZH_CN) [translation teams]
|
Update to the tranlation (ET, SV, ZH_CN) [translation teams]
|
||||||
botdetection:
|
botdetection:
|
||||||
Added a new addon for preventing access by bots [nupplaphil]
|
Added a new addon for preventing access by bots [nupplaphil, annando]
|
||||||
buffer:
|
buffer:
|
||||||
Traces of Google+ were removed [annando]
|
Traces of Google+ were removed [annando]
|
||||||
curweather:
|
curweather:
|
||||||
Fixed a problem with the display of the correct temperature unit [tobiasd]
|
Fixed a problem with the display of the correct temperature unit [tobiasd]
|
||||||
fromgplus:
|
fromgplus:
|
||||||
Deprecated the addon as Google+ was closed [tobiasd]
|
Deprecated the addon as Google+ was closed [tobiasd]
|
||||||
|
fortunate:
|
||||||
|
Deprecated addon for incompatibility with latest Friendica version [MrPetovan]
|
||||||
phpmailer:
|
phpmailer:
|
||||||
Added a new addon to use external SMTP for email [M-arcus]
|
Added a new addon to use external SMTP for email [M-arcus, kecalcze, MrPetovan]
|
||||||
|
pledgie:
|
||||||
|
Deprecated addon as service was discontinued [M-arcus]
|
||||||
|
xmpp:
|
||||||
|
Marked addon as unsupported because of various incompatibilities with themes [MrPetovan]
|
||||||
|
|
||||||
Closed Issues:
|
Closed Issues:
|
||||||
5011, 5047, 5850, 6303, 6319, 6478, 6319, 6720, 6815, 6864, 6879,
|
1012, 2209, 2528, 3309, 3717, 3816, 3869, 4453, 4999, 5011, 5047, 5276, 5850, 5983, 6303, 6319, 6379, 6410, 6477,
|
||||||
6903, 6921, 6927, 6936, 6941, 6943, 6947, 6948, 6952
|
6478, 6720, 6799, 6813, 6819, 6861, 6864, 6879, 6903, 6916, 6917, 6918, 6921, 6927, 6929, 6936, 6938, 6941, 6943,
|
||||||
|
6947, 6948, 6950, 6952, 6983, 6999, 7023, 7036, 7047, 7106, 7112, 7119, 7128, 7130, 7131, 7141, 7142, 7150, 7171,
|
||||||
|
7183, 7196, 7209, 7223, 7226, 7240, 7241, 7249, 7264, 7269, 7271, 7275, 7300, 7303
|
||||||
|
|
||||||
|
Version 2019.04 (2019-04-28)
|
||||||
|
Friendica Core:
|
||||||
|
Fixed a privacy problem with postings accessed by feed [MrPetovan]
|
||||||
|
|
||||||
Version 2019.03 (2019-03-22)
|
Version 2019.03 (2019-03-22)
|
||||||
Friendica Core:
|
Friendica Core:
|
||||||
|
|
2
boot.php
2
boot.php
|
@ -31,7 +31,7 @@ use Friendica\Util\DateTimeFormat;
|
||||||
|
|
||||||
define('FRIENDICA_PLATFORM', 'Friendica');
|
define('FRIENDICA_PLATFORM', 'Friendica');
|
||||||
define('FRIENDICA_CODENAME', 'Dalmatian Bellflower');
|
define('FRIENDICA_CODENAME', 'Dalmatian Bellflower');
|
||||||
define('FRIENDICA_VERSION', '2019.06-rc');
|
define('FRIENDICA_VERSION', '2019.06');
|
||||||
define('DFRN_PROTOCOL_VERSION', '2.23');
|
define('DFRN_PROTOCOL_VERSION', '2.23');
|
||||||
define('NEW_UPDATE_ROUTINE_VERSION', 1170);
|
define('NEW_UPDATE_ROUTINE_VERSION', 1170);
|
||||||
|
|
||||||
|
|
|
@ -97,7 +97,19 @@
|
||||||
},
|
},
|
||||||
"archive": {
|
"archive": {
|
||||||
"exclude": [
|
"exclude": [
|
||||||
"log", "cache", "/photo", "/proxy"
|
"/.*",
|
||||||
|
"/*file",
|
||||||
|
"!/.htaccess-dist",
|
||||||
|
"/tests",
|
||||||
|
"/*.xml",
|
||||||
|
"/composer.*",
|
||||||
|
"/log",
|
||||||
|
"/cache",
|
||||||
|
"/photo",
|
||||||
|
"/proxy",
|
||||||
|
"/addon",
|
||||||
|
"!/vendor",
|
||||||
|
"!/view/asset"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
|
|
|
@ -84,6 +84,10 @@ function display_init(App $a)
|
||||||
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
|
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($a->argc >= 3 && $nick == 'feed-item') {
|
||||||
|
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
|
||||||
|
}
|
||||||
|
|
||||||
if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
|
if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
|
||||||
Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG);
|
Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG);
|
||||||
displayShowFeed($item["id"], false);
|
displayShowFeed($item["id"], false);
|
||||||
|
|
|
@ -226,7 +226,7 @@ class Event extends BaseObject
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
DBA::delete('event', ['id' => $event_id]);
|
DBA::delete('event', ['id' => $event_id], ['cascade' => false]);
|
||||||
Logger::log("Deleted event ".$event_id, Logger::DEBUG);
|
Logger::log("Deleted event ".$event_id, Logger::DEBUG);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1080,9 +1080,11 @@ class Item extends BaseObject
|
||||||
}
|
}
|
||||||
// When the permission set will be used in photo and events as well,
|
// When the permission set will be used in photo and events as well,
|
||||||
// this query here needs to be extended.
|
// this query here needs to be extended.
|
||||||
if (!empty($item['psid']) && !self::exists(['psid' => $item['psid'], 'deleted' => false])) {
|
// @todo Currently deactivated. We need the permission set in the deletion process.
|
||||||
DBA::delete('permissionset', ['id' => $item['psid']], ['cascade' => false]);
|
// This is a reminder to add the removal somewhere else.
|
||||||
}
|
//if (!empty($item['psid']) && !self::exists(['psid' => $item['psid'], 'deleted' => false])) {
|
||||||
|
// DBA::delete('permissionset', ['id' => $item['psid']], ['cascade' => false]);
|
||||||
|
//}
|
||||||
|
|
||||||
// If it's the parent of a comment thread, kill all the kids
|
// If it's the parent of a comment thread, kill all the kids
|
||||||
if ($item['id'] == $item['parent']) {
|
if ($item['id'] == $item['parent']) {
|
||||||
|
|
|
@ -16,6 +16,7 @@ use Friendica\Database\DBA;
|
||||||
use Friendica\Database\DBStructure;
|
use Friendica\Database\DBStructure;
|
||||||
use Friendica\Model\Storage\IStorage;
|
use Friendica\Model\Storage\IStorage;
|
||||||
use Friendica\Object\Image;
|
use Friendica\Object\Image;
|
||||||
|
use Friendica\Protocol\DFRN;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
use Friendica\Util\Network;
|
use Friendica\Util\Network;
|
||||||
use Friendica\Util\Security;
|
use Friendica\Util\Security;
|
||||||
|
@ -133,8 +134,16 @@ class Photo extends BaseObject
|
||||||
if ($r === false) {
|
if ($r === false) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
$uid = $r["uid"];
|
||||||
|
|
||||||
$sql_acl = Security::getPermissionsSQLByUserId($r["uid"]);
|
// This is the first place, when retrieving just a photo, that we know who owns the photo.
|
||||||
|
// Make sure that the requester's session is appropriately authenticated to that user
|
||||||
|
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
|
||||||
|
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
|
||||||
|
// this will either just return (if auth all ok) or will redirect and exit (starting over)
|
||||||
|
DFRN::autoRedir(self::getApp(), $r["nickname"]);
|
||||||
|
|
||||||
|
$sql_acl = Security::getPermissionsSQLByUserId($uid);
|
||||||
|
|
||||||
$conditions = [
|
$conditions = [
|
||||||
"`resource-id` = ? AND `scale` <= ? " . $sql_acl,
|
"`resource-id` = ? AND `scale` <= ? " . $sql_acl,
|
||||||
|
|
|
@ -2899,7 +2899,12 @@ class DFRN
|
||||||
{
|
{
|
||||||
// prevent looping
|
// prevent looping
|
||||||
if (!empty($_REQUEST['redir'])) {
|
if (!empty($_REQUEST['redir'])) {
|
||||||
return;
|
Logger::log('autoRedir might be looping because redirect has been redirected', Logger::DEBUG);
|
||||||
|
// looping prevention also appears to sometimes prevent authentication for images
|
||||||
|
// because browser may have multiple connections open and load an image on a connection
|
||||||
|
// whose session wasn't updated when a previous redirect authenticated
|
||||||
|
// Leaving commented in case looping reappears
|
||||||
|
//return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
|
if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
|
||||||
|
@ -2923,6 +2928,9 @@ class DFRN
|
||||||
$baseurl = substr($baseurl, $domain_st + 3);
|
$baseurl = substr($baseurl, $domain_st + 3);
|
||||||
$nurl = Strings::normaliseLink($baseurl);
|
$nurl = Strings::normaliseLink($baseurl);
|
||||||
|
|
||||||
|
$r = User::getByNickname($contact_nick, ["uid"]);
|
||||||
|
$contact_uid = $r["uid"];
|
||||||
|
|
||||||
/// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
|
/// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
|
||||||
$r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
|
$r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
|
||||||
AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
|
AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
|
||||||
|
@ -2931,9 +2939,19 @@ class DFRN
|
||||||
DBA::escape($baseurl),
|
DBA::escape($baseurl),
|
||||||
DBA::escape($nurl)
|
DBA::escape($nurl)
|
||||||
);
|
);
|
||||||
if ((! DBA::isResult($r)) || $r[0]['id'] == remote_user()) {
|
if ((! DBA::isResult($r))) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
// test if redirect authentication already succeeded
|
||||||
|
// Note that "contact" in the sense used in the $contact_nick argument to this function
|
||||||
|
// and the sense in the $remote[]["cid"] in the session are opposite.
|
||||||
|
// In the session variable the user currently fetching is the contact
|
||||||
|
// while $contact_nick is the nick of tho user who owns the stuff being fetched.
|
||||||
|
foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
|
||||||
|
if ($visitor['uid'] == $contact_uid && $visitor['cid'] == $r[0]['id']) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$r = q("SELECT * FROM contact WHERE nick = '%s'
|
$r = q("SELECT * FROM contact WHERE nick = '%s'
|
||||||
AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
|
AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
|
||||||
|
|
Loading…
Reference in New Issue
Block a user