diff --git a/CHANGELOG.md b/CHANGELOG.md
index 02adc4cbf..a6331d4c0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,14 @@ Changelog
 All notable changes to this project will be documented in this file.
+## [4.0.6] - 2023-07-07
+
+### Fixed
+
+- Fix branding:generate_app_icons failing because of disallowed ICO coder ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25794))
+- Fix crash in admin interface when viewing a remote user with verified links ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25796))
+- Fix processing of media files with unusual names ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/25788))
+
 ## [4.0.5] - 2023-07-06
 ### Changed
diff --git a/Gemfile.lock b/Gemfile.lock
index c3f2eb8d1..b07905c92 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -412,7 +412,7 @@ GEM
 net-ssh (>= 2.6.5, < 8.0.0)
 net-ssh (7.0.1)
 nio4r (2.5.9)
- nokogiri (1.15.2)
+ nokogiri (1.15.3)
 mini_portile2 (~> 2.8.2)
 racc (~> 1.4)
 nsa (0.2.8)
@@ -602,7 +602,7 @@ GEM
 fugit (~> 1.1, >= 1.1.6)
 safety_net_attestation (0.4.0)
 jwt (~> 2.0)
- sanitize (6.0.1)
+ sanitize (6.0.2)
 crass (~> 1.0.2)
 nokogiri (>= 1.12.0)
 scenic (1.6.0)
diff --git a/app/lib/text_formatter.rb b/app/lib/text_formatter.rb
index cdf8a48f7..e51266a08 100644
--- a/app/lib/text_formatter.rb
+++ b/app/lib/text_formatter.rb
@@ -60,7 +60,7 @@ class TextFormatter
 suffix = url[prefix.length + 30..-1]
 cutoff = url[prefix.length..-1].length > 30
- <<~HTML.squish
+ <<~HTML.squish.html_safe # rubocop:disable Rails/OutputSafety
 #{h(display_url)}
 HTML
 rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
diff --git a/app/models/concerns/attachmentable.rb b/app/models/concerns/attachmentable.rb
index 35819003e..662b2ef52 100644
--- a/app/models/concerns/attachmentable.rb
+++ b/app/models/concerns/attachmentable.rb
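Review bot: The `# rubocop:disable Rails/OutputSafety` on the new `<<~HTML.squish.html_safe` line in app/lib/text_formatter.rb silences the cop without recording why the string is safe to mark. The only interpolation visible in the heredoc is `#{h(display_url)}`, so the safety of the result rests on every interpolated value passing through `h`; a later edit that interpolates a raw value would produce unescaped markup with the lint already switched off. I would add a comment above the heredoc such as `# html_safe is sound only because every interpolation below is escaped with h()`. The enclosing method starts above the hunk and its rescue branch continues below it, so whether the rescue path returns a value of the same safety class cannot be checked from here.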
@@ -24,7 +24,7 @@ module Attachmentable
 def self.has_attached_file(name, options = {}) # rubocop:disable Naming/PredicateName
 super(name, options)
- send(:"before_#{name}_validate") do
+ send(:"before_#{name}_validate", prepend: true) do
 attachment = send(name)
 check_image_dimension(attachment)
 set_file_content_type(attachment)
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
index 396842730..2c32cc3ab 100644
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@@ -13,7 +13,7 @@ module Mastodon
 end
 def patch
- 5
+ 6
 end
 def flags
diff --git a/lib/tasks/branding.rake b/lib/tasks/branding.rake
index 2eec7c9e1..886cfd39d 100644
--- a/lib/tasks/branding.rake
+++ b/lib/tasks/branding.rake
@@ -40,7 +40,7 @@ namespace :branding do
 output_dest = Rails.root.join('app', 'javascript', 'icons')
 rsvg_convert = Terrapin::CommandLine.new('rsvg-convert', '-w :size -h :size --keep-aspect-ratio :input -o :output')
- convert = Terrapin::CommandLine.new('convert', ':input :output')
+ convert = Terrapin::CommandLine.new('convert', ':input :output', environment: { 'MAGICK_CONFIGURE_PATH' => nil })
 favicon_sizes = [16, 32, 48]
 apple_icon_sizes = [57, 60, 72, 76, 114, 120, 144, 152, 167, 180, 1024]
diff --git a/spec/fixtures/files/attachment-jpg.123456_abcd b/spec/fixtures/files/attachment-jpg.123456_abcd
new file mode 100644
index 000000000..f1d40539a
Binary files /dev/null and b/spec/fixtures/files/attachment-jpg.123456_abcd differ
diff --git a/spec/requests/api/v2/media_spec.rb b/spec/requests/api/v2/media_spec.rb
new file mode 100644
index 000000000..89384d0ca
--- /dev/null
+++ b/spec/requests/api/v2/media_spec.rb
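Review bot: The new `prepend: true` in `send(:"before_#{name}_validate", prepend: true)` makes callback ordering part of this method's contract, and nothing at the call site says so. The block runs `check_image_dimension` and `set_file_content_type`, so presumably the intent is that both run ahead of whatever `super(name, options)` registered for the same event; that reading comes from the changelog entry about unusual file names, not from anything shown in the hunk. A comment such as `# prepend: run before the validate callbacks registered by super (ordering is load-bearing)` would keep a later refactor from dropping the option and silently reordering the dimension and content-type checks. The block body continues outside the hunk.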
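Review bot: Passing `environment: { 'MAGICK_CONFIGURE_PATH' => nil }` to the `convert` command line in lib/tasks/branding.rake presumably clears the variable for that invocation, so any ImageMagick policy the deployment points to through it no longer applies, and the line carries no comment scoping that relaxation. Going by the changelog entry the policy is what rejects the ICO coder, so the override looks intentional, but it is only reasonable because this task converts the repository's own branding assets. I would add `# Policy override is for trusted in-repo icons only; never reuse this command object for uploaded files` above the assignment. Where `convert` is actually run is outside the hunk.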
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Media API', paperclip_processing: true do
+ let(:user) { Fabricate(:user) }
+ let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
+ let(:scopes) { 'write' }
+ let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
+
+ describe 'POST /api/v2/media' do
+ it 'returns http success' do
+ post '/api/v2/media', headers: headers, params: { file: fixture_file_upload('attachment-jpg.123456_abcd', 'image/jpeg') }
+ expect(File.exist?(user.account.media_attachments.first.file.path(:small))).to be true
+ expect(response).to have_http_status(200)
+ end
+ end
+end
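Review bot: In the `it 'returns http success'` example the file-existence expectation runs before the status check, so a rejected upload would surface as a `NoMethodError` on `media_attachments.first` instead of a failed status assertion. Putting `expect(response).to have_http_status(200)` first gives a readable failure when the request itself is refused. The description also does not say what the example guards; something like `it 'processes a file with an unusual extension'` would tie it to the fixture `attachment-jpg.123456_abcd` and make the regression it covers obvious.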