Sebastian Jambor
a3c81fc929
Merge tag 'v4.1.4' into merge-security-fix
2023-07-11 13:11:33 +02:00
Sebastian Jambor
b45e686a89
Merge tag 'v4.1.3' into merge-security-fix
2023-07-11 13:07:56 +02:00
Claire
53b979d5c7
Fix processing of media files with unusual names ( #25788 )
2023-07-07 19:37:21 +02:00
Claire
0aa0b71f2c
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Renaud Chaput
8eb1bb8ba6
Allow carets in URL search params ( #25216 )
2023-07-06 13:45:40 +02:00
Claire
79f5b8f156
Fix ResolveURLService not resolving local URLs for remote content ( #25637 )
2023-07-06 13:45:40 +02:00
Claire
f8930a67a0
Change /api/v1/statuses/:id/history to always return at least one item ( #25510 )
2023-07-06 13:45:40 +02:00
Daniel M Brasil
fd1ffd72eb
Fix incorrect pagination headers in /api/v2/admin/accounts ( #25477 )
2023-07-06 13:45:40 +02:00
Claire
7bd34f8b23
Fix infinite loop in AccountsStatusesCleanupScheduler ( #24840 )
2023-07-06 13:45:40 +02:00
Claire
7012bf6ed3
Improve automatic post cleanup worker performances ( #24785 )
2023-07-06 13:45:40 +02:00
Claire
d9e45f2fa9
Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly ( #24607 )
2023-07-06 13:45:40 +02:00
Claire
2779bce9a2
Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN ( #23600 )
...
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-06 13:45:40 +02:00
Claire
210ff36860
Change AccessTokensVacuum to also delete expired tokens ( #24868 )
2023-07-06 13:45:40 +02:00
Claire
99c2bbbec9
Change profile updates to be sent to recently-mentioned servers ( #24852 )
2023-07-06 13:45:40 +02:00
Claire
7e58779300
Fix reports not being closed when performing batch suspensions ( #24988 )
2023-07-06 13:45:40 +02:00
Claire
4c6c790f80
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:45:40 +02:00
Claire
036ac5b5c9
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:45:40 +02:00
Sebastian Jambor
af095cb887
fix audience helper when passed array with null
2023-07-03 19:43:30 +02:00
Sebastian Jambor
57f7eb4cd8
add sender to activity log json
2023-04-17 17:54:35 +02:00
Sebastian Jambor
60ab6359b7
fix issue in activity logger
2023-04-17 17:53:13 +02:00
Sebastian Jambor
a3b8fa244a
allow multiple clients for the same id
2023-04-17 17:53:13 +02:00
Sebastian Jambor
14b89d1e71
handle duplicates
2023-04-17 17:50:35 +02:00
Sebastian Jambor
60baa74a56
handle followers
2023-04-17 17:50:35 +02:00
Sebastian Jambor
509b04c2a0
handle audience fields
2023-04-17 17:50:35 +02:00
Sebastian Jambor
c8ea90f6f1
extending functionality of audience helper
2023-04-17 17:50:35 +02:00
Sebastian Jambor
7222173cc6
starting a test for audience helper
2023-04-17 17:50:35 +02:00
Claire
8c4ea7d715
Fix misleading error code when receiving invalid WebAuthn credentials ( #23568 )
2023-03-16 11:45:53 +01:00
Claire
68af19c328
Change auto-deletion throttling constants to better scale with server size ( #23320 )
2023-03-13 18:49:01 +01:00
Christian Schmidt
3f2e31800e
Unescape HTML entities ( #24019 )
2023-03-13 18:45:42 +01:00
Claire
0dc342df81
Fix “Remove all followers from the selected domains” being more destructive than it claims ( #23805 )
2023-03-13 18:36:15 +01:00
Claire
0c9eac80d8
Fix unbounded recursion in post discovery ( #23506 )
...
* Add a limit to how many posts can get fetched as a result of a single request
* Add tests
* Always pass `request_id` when processing `Announce` activities
---------
Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2023-02-10 22:16:37 +01:00
Nick Schonning
0592937264
Apply Rubocop Rails/WhereNot ( #23448 )
...
* Apply Rubocop Rails/WhereNot
* Update spec for where.not
2023-02-08 10:39:57 +01:00
Nick Schonning
1487fcde93
Apply Rubocop Style/ExpandPathArguments ( #23450 )
2023-02-08 07:06:20 +01:00
Nick Schonning
ed570050c6
Autofix Rails/EagerEvaluationLogMessage ( #23429 )
...
* Autofix Rails/EagerEvaluationLogMessage
* Update spec for debug block syntax
2023-02-07 03:44:36 +01:00
Claire
9edefc779f
Fix UserCleanupScheduler crash when an unconfirmed account has a moderation note ( #23318 )
...
* Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note
* Add tests
2023-02-07 01:14:44 +01:00
Claire
20a479ff7c
Change POST /settings/applications/:id to regenerate token on scopes change ( #23359 )
...
Fixes #23096
2023-02-02 12:03:49 +01:00
Claire
13a2abacc8
Add roles attribute to Account entities in REST API ( #23255 )
2023-01-25 19:55:40 +01:00
Claire
a5a00d7f7a
Fix email with empty domain name labels passing validation ( #23246 )
...
* Fix email with empty domain name labels passing validation
`EmailMxValidator` would allow empty labels because `Resolv::DNS` is
particularly lenient about them, but the email would be invalid and
unusable.
* Add tests
2023-01-24 20:18:41 +01:00
Claire
6883fddb19
Fix account activation being triggered before email confirmation ( #23245 )
...
* Add tests
* Fix account activation being triggered before email confirmation
Fixes #23098
2023-01-24 19:40:21 +01:00
Markus Unterwaditzer
f2a6e71bb6
Suppress AddressFamilyError in link verification ( #23204 )
...
* Suppress AddressFamilyError
* clarify comment
2023-01-23 13:05:54 +01:00
Claire
448be26b34
Add missing policy attribute to WebPushSubscriptionSerializer ( #23210 )
...
* Add missing `policy` attribute to `WebPushSubscriptionSerializer`
Fixes #23145
* Add tests
2023-01-23 13:05:30 +01:00
Claire
68dcbcb7bf
Add more specific error messages to HTTP signature verification ( #21617 )
...
* Return specific error on failure to parse Date header
* Add error message when preferredUsername is not set
* Change error report to be JSON and include more details
* Change error report to differentiate unknown account and failed refresh
* Add tests
2023-01-18 16:47:56 +01:00
Claire
343e1fe8e9
Add confirmation screen when handling reports ( #22375 )
...
* Add confirmation screen on moderation actions
* Add flash notice when a report has been processed
* Refactor tests
* Add tests
2023-01-18 16:40:09 +01:00
Claire
4b92e59f4f
Add support for editing media description and focus point of already-posted statuses ( #20878 )
...
* Add backend support for editing media attachments of existing posts
* Allow editing media attachments of already-posted toots
* Add tests
2023-01-18 16:33:55 +01:00
Claire
fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists ( #21470 )
...
* Change domain block CSV parsing to be more robust and handle more lists
* Add some tests
* Improve domain block import validation and reporting
2023-01-18 16:20:52 +01:00
Claire
21a1a8ee88
Fix crash when marking statuses as sensitive while some statuses are deleted ( #22134 )
...
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments
* Fix crash when marking statuses as sensitive while some statuses are deleted
Fixes #21910
* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”
* Add tests
2023-01-13 10:46:52 +01:00
Claire
15b88a83ab
Fix sanitizer parsing link text as HTML when stripping unsupported links ( #22558 )
2023-01-11 22:21:10 +01:00
Markus Unterwaditzer
0c689b9d01
fix: allow verification when page size exceeds 1MB (using HTML5 parser) ( #22879 )
...
* fix: allow verification when page size exceeds 1MB
Truncates the page after 1MB instead
Closes #15316
* switch to HTML5 parser, fix rubocop errors
* undo rubocop fixes
Co-authored-by: Chris Zubak-Skees <chriszs@gmail.com>
2023-01-11 21:59:13 +01:00
Claire
18fb01ef7c
Fix possible race conditions when suspending/unsuspending accounts ( #22363 )
...
* Fix possible race conditions when suspending/unsuspending accounts
* Fix tests
Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
suspending/unsuspending themselves, but this has changed.
2023-01-05 13:47:21 +01:00
Jeong Arm
fdd1facba1
Fix home TL could contain post from who blocked me ( #22849 )
...
* Fix home tl contains post from who blocked me
* Add test
* Fix feed_manager's build_crutches
blocked_by was not includes status' owner
* Add test for status from I blocked
* Fix typo
2023-01-05 13:30:38 +01:00