Claire
2119aadf0a
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
04f76675d1
Add finer permission requirements for managing webhooks ( #25463 )
2023-07-06 13:45:58 +02:00
Claire
eceb960744
Change Identity to not destroy associated User on destroy ( #25098 )
2023-07-06 13:45:58 +02:00
Claire
ebe009ff09
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:45:58 +02:00
Claire
2617c33fc3
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:45:58 +02:00
Claire
d81b891fa8
Fix multiple N+1s in ConversationsController ( #25134 )
2023-07-06 13:45:58 +02:00
Claire
05c45e9eeb
Fix unescaped user input in LDAP query ( #24379 )
...
Fix CVE-2023-28853
2023-04-04 12:39:56 +02:00
Claire
aa37eeadf3
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )
2023-04-04 12:39:56 +02:00
Eugen Rochko
a6217bd035
Change user backups to use expiring URLs for download when possible ( #24136 )
2023-03-16 22:49:35 +01:00
Claire
11f04e3b97
Fix unconfirmed accounts being registered as active users ( #23803 )
2023-03-14 09:58:47 +01:00
Claire
c22c4247d9
Fix server error when failing to follow back followers from /relationships ( #23787 )
2023-03-14 09:58:26 +01:00
Claire
348599a543
Fix inefficiency when searching accounts per username in admin interface ( #23801 )
2023-03-14 09:58:13 +01:00
Claire
e2103c9175
Fix “Remove all followers from the selected domains” being more destructive than it claims ( #23805 )
2023-03-14 09:50:57 +01:00
Eugen Rochko
552d69ad96
Fix error when invalid domain name is submitted ( #19474 )
...
Fix #19175
2022-11-14 08:07:14 +01:00
Eugen Rochko
b31afc6294
Fix error when passing unknown filter param in REST API ( #20626 )
...
Fix #19156
2022-11-14 08:06:06 +01:00
Eugen Rochko
5c826c408d
Fix image type not being set after conversion for convertible image types ( #20624 )
2022-11-14 07:13:14 +01:00
Eugen Rochko
2e2ba39abf
Fix rules with same priority being sorted non-deterministically ( #20623 )
2022-11-14 06:28:19 +01:00
Jeong Arm
c4c1bee880
Fix trendable status without review ( #20214 )
2022-11-11 21:24:10 +01:00
Emily Strickland
96f51e593f
Guard against error extracting `body` from URL ( #20428 )
...
If `Nokogiri::HTML(value).at_xpath('//body')` fails to find the `body` element, it will return `nil`. We can guard against that with an early return. Avoids calling `children` on `NilClass` in those cases.
2022-11-11 21:22:28 +01:00
Eugen Rochko
9bc0a6c861
Fix metadata scrubbing removing color profile from images ( #20389 )
2022-11-11 09:20:10 +01:00
Claire
86f6631d28
Remove dead code and refactor status threading code ( #20357 )
...
* Remove dead code
* Remove unneeded/broken parameters and refactor descendant computation
2022-11-10 22:30:00 +01:00
Eugen Rochko
c6c7c6223d
Change verification to only work for https links ( #20304 )
...
Fix #20242
2022-11-10 21:09:03 +01:00
Eugen Rochko
9965a23b04
Change link verification to ignore IDN domains ( #20295 )
...
Fix #3833
2022-11-10 06:27:45 +01:00
James Tucker
78a6b871fe
Improve performance by avoiding regex construction ( #20215 )
...
```ruby
10.times { p /#{FOO}/.object_id }
10.times { p FOO_RE.object_id }
```
2022-11-10 05:49:30 +01:00
Eugen Rochko
0cd0786aef
Revert filtering public timelines by locale by default ( #20294 )
2022-11-10 05:34:42 +01:00
Eugen Rochko
e98833748e
Fix being able to spoof link verification ( #20217 )
...
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles
2022-11-09 08:24:21 +01:00
Postmodern
ca80beb653
Micro-optimization: use `if`/`else` instead of `Array#compact` and `Array#min` ( #19906 )
...
* Technically `if`/`else` is faster than using `[value1, value2].compact.min` to find the lesser of two values, one of which may be `nil`.
2022-11-08 03:50:47 +01:00
Claire
bbf74498f5
Fix validation error in SynchronizeFeaturedTagsCollectionWorker ( #20018 )
...
* Fix followers count not being updated when migrating follows
Fixes #19900
* Fix validation error in SynchronizeFeaturedTagsCollectionWorker
Also saves remote user's chosen case for hashtags
* Limit remote featured tags before validation
2022-11-07 22:35:53 +01:00
Postmodern
106648b456
Micro-optimization: only split `acct` into two Strings ( #19901 )
...
* Since `acct` is split by `@` and assigned to `username` and `domain`, we only need to split `acct` into two Strings.
2022-11-07 16:17:55 +01:00
nightpool
54f0f1b9ef
Skip Webfinger cache during migrations as well ( #19883 )
2022-11-07 03:31:38 +01:00
Eugen Rochko
3151b260e2
Fix not using GIN index for account search queries ( #19830 )
2022-11-06 06:16:34 +01:00
Claire
c2170991c7
Fix reblogs being discarded after the reblogged status ( #19731 )
2022-11-04 16:31:44 +01:00
Eugen Rochko
b1a219552e
Fix featured tags not saving preferred casing ( #19732 )
2022-11-04 16:08:29 +01:00
Claire
125322718b
Fix inaccurate admin log entry for re-sending confirmation e-mails ( #19674 )
...
Fixes #19593
2022-11-02 18:50:21 +01:00
txt-file
0f5e6dd02b
Add support for AVIF uploads ( #19647 )
2022-11-01 22:08:41 +01:00
Eugen Rochko
ae07cfb868
Add support for HEIC uploads ( #19618 )
2022-11-01 16:26:25 +01:00
Eugen Rochko
15bae3e0e4
Change post-processing to be deferred only for large media types ( #19617 )
2022-11-01 15:27:58 +01:00
Eugen Rochko
d0ba77047e
Change max. thumbnail dimensions to 640x360px (360p) ( #19619 )
2022-11-01 13:01:39 +01:00
Eugen Rochko
26478f461c
Remove language filtering from hashtag timelines ( #19563 )
2022-10-30 21:29:23 +01:00
Eugen Rochko
ac9fb0d654
Add reputation and followers score boost to SQL-only account search ( #19251 )
2022-10-30 13:23:05 +01:00
Eugen Rochko
40c7f3e830
Fix account action type validation ( #19476 )
...
* Fix account action type validation
Fix #19143
* Fix #19145
* Fix code style issues
2022-10-30 02:44:32 +02:00
Eugen Rochko
3b024c563c
Fix not being able to input featured tag with `#` ( #19535 )
2022-10-30 02:43:20 +02:00
Eugen Rochko
dc5c86add7
Fix account migration form ever using outdated account data ( #18429 )
2022-10-29 01:31:45 +02:00
Claire
d9d722d74b
Change admin announcement edition interface to use datetime-local ( #18321 )
...
* Change admin announcement edition interface to use datetime-local
* Dynamically set announcement stop date as required if start date is set, set minimum date for stop date
* Change `all_day` to not be bound to presence of time-range
* Add pattern and placeholder as minimal fallback for browsers not supporting datetime-local
* Display datetime-local inputs as local time
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-10-28 12:56:32 +02:00
Eugen Rochko
07cc201acc
Fix using wrong policy on status-related actions in admin UI ( #19490 )
2022-10-28 00:48:30 +02:00
Eugen Rochko
5f733ad83a
Remove unused method `searchable?` on accounts ( #19489 )
...
It called the wrong methods, but nothing uses it
2022-10-27 19:30:08 +02:00
Eugen Rochko
d2eb726962
Fix notifications about deleted reports not being also deleted ( #19475 )
...
* Fix notifications about deleted reports not being also deleted
* Fix notification with empty report crashing web UI
Fix #18909
2022-10-27 02:10:54 +02:00
zunda
52ebfb7792
Store integer settings as integer ( #19478 )
2022-10-26 22:14:07 +02:00
Eugen Rochko
f8ca3bb2a1
Add ability to view previous edits of a status in admin UI ( #19462 )
...
* Add ability to view previous edits of a status in admin UI
* Change moderator access to posts to be controlled by a separate policy
2022-10-26 13:42:29 +02:00
Eugen Rochko
487d81fb92
Fix IP blocks not having a unique index ( #19456 )
2022-10-25 21:43:44 +02:00