aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
Commit message (Collapse)AuthorAgeFilesLines
* oembed cache: don't store the url (which may need to be truncated), store a ↵zotlabs2017-04-181-6/+6
| | | | hash instead. This will allow us to convert the table to utf8mb4 without running into mysql key length restrictions as well as dealing with the potential ambiguity of truncated urls.
* envelope privacyzotlabs2017-04-181-31/+29
|
* allow downloading via viewsrc to support client side e2eezotlabs2017-04-171-1/+10
|
* Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_mergezotlabs2017-04-171-0/+1
|\
| * missing includesMario Vavti2017-04-131-0/+1
| |
| * sql error photos_albums_list with non-logged-in viewerzotlabs2017-04-031-1/+1
| |
| * fix connectDefaultShare generated js function, though it isn't obvious if we ↵zotlabs2017-04-031-19/+11
| | | | | | | | still use it.
| * app sorting issuezotlabs2017-04-031-3/+13
| |
| * Merge pull request #710 from dawnbreak/importcsrfgit-marijus2017-03-312-0/+6
| |\ | | | | | | :lock: Add CSRF protection for import and import_items.
| * | get rid of some more deprecated uses of $azotlabs2017-03-312-2/+2
| | |
| * | remove obsolete app argument from load_pdlzotlabs2017-03-312-2/+2
| | |
| * | get rid of get_app()zotlabs2017-03-312-4/+3
| | |
| * | provide compatibility with old-style update systemzotlabs2017-03-311-6/+16
| | |
| * | get rid of 'davguest' and allow for project specific DB updates (currently ↵zotlabs2017-03-313-13/+15
| | | | | | | | | | | | db updates are common between all possible projects/subprojects/forks).
| * | move db_upgrade to zlibzotlabs2017-03-313-8/+115
| | |
* | | whitespacezotlabs2017-04-121-2/+2
| | |
* | | don't allow any null fields in notify creationzotlabs2017-04-111-2/+3
| | |
* | | webfinger cleanupzotlabs2017-04-111-20/+23
| | |
* | | sql error photos_albums_list with non-logged-in viewerzotlabs2017-04-021-1/+1
| | |
* | | remove some obsolete permissions stuffzotlabs2017-04-021-0/+1
| | |
* | | fix connectDefaultShare generated js function, though it isn't obvious if we ↵zotlabs2017-04-021-19/+11
| | | | | | | | | | | | still use it.
* | | app sorting issuezotlabs2017-04-021-3/+13
| | |
* | | Merge branch 'importcsrf' of https://github.com/dawnbreak/hubzilla into csrfzotlabs2017-03-302-0/+6
|\ \ \ | | |/ | |/|
| * | :lock: Add CSRF protection for import and import_items.Klaus Weidenbach2017-03-302-0/+6
| |/
* | Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_mergezotlabs2017-03-303-59/+66
|\|
| * Merge pull request #709 from dawnbreak/docuKlaus2017-03-302-56/+56
| |\ | | | | | | Add some documentation for import functions.
| | * Add some documentation for import functions.Klaus Weidenbach2017-03-302-56/+56
| | |
| * | do not allow creating two wikis with the same nameMario Vavti2017-03-301-3/+10
| | |
| * | circular logic - we need the mailbox to find the last message so move the ↵zotlabs2017-03-301-4/+9
| | | | | | | | | | | | code block back where it was, and only set a direct mid if one was specified.
| * | when clicking a notification to view a private mail message, actually view ↵zotlabs2017-03-301-2/+9
| |/ | | | | | | that message instead of the most recent.
* | circular logic - we need the mailbox to find the last message so move the ↵zotlabs2017-03-291-4/+9
| | | | | | | | code block back where it was, and only set a direct mid if one was specified.
* | when clicking a notification to view a private mail message, actually view ↵zotlabs2017-03-291-2/+9
| | | | | | | | that message instead of the most recent.
* | Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_mergezotlabs2017-03-292-2/+4
|\|
| * allow setting the system email name/address/replyzotlabs2017-03-291-0/+15
| |
| * more cloud updates - upgrade the DAV structures as well.zotlabs2017-03-292-23/+51
| |
| * some more photo issueszotlabs2017-03-291-24/+22
| |
| * fix photo prvnxt after all the changes yesterdayzotlabs2017-03-291-6/+5
| |
| * more work on the photo album messzotlabs2017-03-291-92/+65
| |
| * photos_album_exists() requires an observer to work correctly; provide it.zotlabs2017-03-291-2/+2
| |
| * use the same host macro for sender address as for reply_to addresszotlabs2017-03-291-2/+2
| |
| * begin the process of using the relevant attach directory/path for photo ↵zotlabs2017-03-291-31/+14
| | | | | | | | albums instead of an album basename which may not be unique. Created an 'ellipsify()' function to shorten long names and keep the beginning and end intact
| * more markdown purificationzotlabs2017-03-291-5/+5
| |
| * perform attach_upgrade()zotlabs2017-03-291-0/+3
| |
| * after all of this, I would be very hesitant to use any multi-user system ↵zotlabs2017-03-291-1/+1
| | | | | | | | which uses markdown and which doesn't have a large security budget.
| * even more fine tuning of the markdown purifier - especially when used with ↵zotlabs2017-03-293-2/+3
| | | | | | | | the wiki
| * various input filter fixeszotlabs2017-03-299-23/+76
| |
| * more work related to attach/photo and os_path, display_path and general code ↵zotlabs2017-03-292-36/+40
| | | | | | | | cleanup
| * input filter updateszotlabs2017-03-294-46/+9
| |
| * class MarkdownSoap to safely store markdown by purifying and preserving ↵zotlabs2017-03-291-0/+86
| | | | | | | | (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor
| * code_allowed is a real mess. Start the cleanup by remving the account level ↵zotlabs2017-03-292-23/+4
| | | | | | | | code allow and limiting to specific channels only. This reduces the possibility of cross channel security issues coming into play. Then provide a single function for checking the code permission. This is only partially done as we often need to check against the observer or logged in channel as well as the resource owner to ensure that this only returns true for local channels which also own the requested resource.