Claire
ba5551fd1d
Improve email address validation ( #29838 )
2024-05-17 12:30:07 +02:00
Jeong Arm
3ff575f54c
Normalize idna domain before account unblock domain ( #29530 )
2024-05-17 12:30:07 +02:00
Claire
6f36b633a7
Merge pull request from GHSA-vm39-j3vx-pch3
...
* Prevent different identities from a same SSO provider from accessing a same account
* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00
Claire
d807b3960e
Merge pull request from GHSA-7w3c-p9j8-mq3x
...
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 15:15:34 +01:00
Claire
2e4d43933d
Fix SQL query in /api/v1/directory
( #28412 )
2023-12-18 11:03:20 +01:00
Claire
613d00706c
Change GIF max matrix size error to explicitly mention GIF files ( #27927 )
2023-12-04 15:28:02 +01:00
Claire
1d835c9423
Fix posts from force-sensitized accounts being able to trend ( #27620 )
2023-12-04 15:28:02 +01:00
Claire
ab68df9af0
Fix hashtag matching pattern matching some URLs ( #27584 )
2023-12-04 15:28:02 +01:00
Claire
a89a25714d
Fix some link anchors being recognized as hashtags ( #27271 )
2023-12-04 15:28:02 +01:00
Matt Jankowski
335982325e
Dont match mention in url query string ( #25656 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-10 13:51:56 +02:00
Claire
f1d3eda159
Fix filtering audit log for entries about disabling 2FA ( #27186 )
2023-10-10 13:51:56 +02:00
Essem
c97fbabb61
Properly remove tIME chunk from PNG uploads ( #27111 )
2023-10-10 13:51:56 +02:00
Claire
f2fff6be66
Fix crash when filtering for “dormant” relationships ( #27306 )
2023-10-10 13:51:56 +02:00
Claire
b40c42fd1e
Fix inefficient queries in “Follows and followers” as well as several admin pages ( #27116 )
2023-10-10 13:51:56 +02:00
Claire
5fd89e53d2
Fix moderator rights inconsistencies ( #26729 )
2023-09-19 17:01:44 +02:00
Claire
34959eccd2
Fix cached posts including stale stats ( #26409 )
2023-09-19 17:01:44 +02:00
Emelia Smith
cf80d54cba
Allow reports with long comments from remote instances, but truncate ( #25028 )
2023-09-05 19:16:09 +02:00
Claire
53b979d5c7
Fix processing of media files with unusual names ( #25788 )
2023-07-07 19:37:21 +02:00
Claire
0aa0b71f2c
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
e65e3a6d14
Add finer permission requirements for managing webhooks ( #25463 )
2023-07-06 13:45:40 +02:00
Claire
7e58779300
Fix reports not being closed when performing batch suspensions ( #24988 )
2023-07-06 13:45:40 +02:00
Claire
b1ac3562df
Change Identity to not destroy associated User on destroy ( #25098 )
2023-07-06 13:45:40 +02:00
Claire
4c6c790f80
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:45:40 +02:00
Claire
036ac5b5c9
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:45:40 +02:00
Claire
3e1724e972
Fix multiple N+1s in ConversationsController ( #25134 )
2023-07-06 13:45:40 +02:00
Claire
b9f271364e
Fix unescaped user input in LDAP query ( #24379 )
...
Fix CVE-2023-28853
2023-04-04 12:41:27 +02:00
Claire
ae64c5b7ec
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )
2023-04-04 12:41:27 +02:00
Eugen Rochko
6db76875fd
Change user backups to use expiring URLs for download when possible ( #24136 )
2023-03-16 22:48:42 +01:00
Claire
675c24a34e
Fix unconfirmed accounts being registered as active users ( #23803 )
2023-03-13 18:40:55 +01:00
Claire
aff3f850de
Fix server error when failing to follow back followers from /relationships
( #23787 )
2023-03-13 18:39:35 +01:00
Claire
69564db447
Fix inefficiency when searching accounts per username in admin interface ( #23801 )
2023-03-13 18:38:01 +01:00
Claire
0dc342df81
Fix “Remove all followers from the selected domains” being more destructive than it claims ( #23805 )
2023-03-13 18:36:15 +01:00
Claire
a9c220242b
Fix admin-set follow recommandations being case-sensitive ( #23500 )
...
Fixes #23472
2023-02-10 11:14:58 +01:00
Claire
67de888bad
Fix server status URL being a required server setting ( #23499 )
2023-02-10 10:20:43 +01:00
Nick Schonning
0592937264
Apply Rubocop Rails/WhereNot ( #23448 )
...
* Apply Rubocop Rails/WhereNot
* Update spec for where.not
2023-02-08 10:39:57 +01:00
Nick Schonning
0d1f192c54
Apply Rubocop Performance/BlockGivenWithExplicitBlock ( #23441 )
...
* Apply Rubocop Performance/BlockGivenWithExplicitBlock
* Unprefix used block parameter
2023-02-08 10:36:23 +01:00
Nick Schonning
f68bb52556
Apply Rubocop Style/NegatedIfElseCondition ( #23451 )
2023-02-08 07:07:36 +01:00
Nick Schonning
8c1b65c7dd
Apply Rubocop Style/RedundantAssignment ( #23452 )
2023-02-08 07:06:50 +01:00
Nick Schonning
cec005068f
Apply Rubocop Performance/RedundantBlockCall ( #23440 )
2023-02-08 00:58:18 +01:00
Nick Schonning
ed570050c6
Autofix Rails/EagerEvaluationLogMessage ( #23429 )
...
* Autofix Rails/EagerEvaluationLogMessage
* Update spec for debug block syntax
2023-02-07 03:44:36 +01:00
Eugen Rochko
8f590b0a21
Add setting for status page URL ( #23390 )
2023-02-04 04:56:06 +01:00
Claire
13a2abacc8
Add roles
attribute to Account entities in REST API ( #23255 )
2023-01-25 19:55:40 +01:00
Claire
6883fddb19
Fix account activation being triggered before email confirmation ( #23245 )
...
* Add tests
* Fix account activation being triggered before email confirmation
Fixes #23098
2023-01-24 19:40:21 +01:00
Jeong Arm
a1abda39dd
Fix Account Strike causing PG not null validation error ( #23178 )
2023-01-21 10:22:22 +01:00
Claire
3970a6f433
Add option to make the landing page be /about even when trends are enabled ( #20808 )
...
* Add option to make the landing page be /about even when trends are enabled
* Restablish /explore as landing page by default
2023-01-18 16:43:58 +01:00
Claire
343e1fe8e9
Add confirmation screen when handling reports ( #22375 )
...
* Add confirmation screen on moderation actions
* Add flash notice when a report has been processed
* Refactor tests
* Add tests
2023-01-18 16:40:09 +01:00
Claire
d1387579b9
Fix situations in which instance actor can be set to a Mastodon-incompatible name ( #22307 )
...
* Validate internal actor
* Use “internal.actor” by default for the server actor username
* Fix instance actor username on the fly if it includes ':'
* Change actor name from internal.actor to mastodon.internal
2023-01-18 16:33:03 +01:00
Claire
fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists ( #21470 )
...
* Change domain block CSV parsing to be more robust and handle more lists
* Add some tests
* Improve domain block import validation and reporting
2023-01-18 16:20:52 +01:00
David Freedman
ff70e50199
Don't crash on unobtainable avatars ( #22462 )
2023-01-13 16:40:06 +01:00
Claire
21a1a8ee88
Fix crash when marking statuses as sensitive while some statuses are deleted ( #22134 )
...
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments
* Fix crash when marking statuses as sensitive while some statuses are deleted
Fixes #21910
* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”
* Add tests
2023-01-13 10:46:52 +01:00