Commit graph

7218 commits

Author SHA1 Message Date
Claire
f2fff6be66 Fix crash when filtering for “dormant” relationships (#27306) 2023-10-10 13:51:56 +02:00
Claire
b40c42fd1e Fix inefficient queries in “Follows and followers” as well as several admin pages (#27116) 2023-10-10 13:51:56 +02:00
Claire
5d93c5f019
Fix post translation erroring out (v4.1.x) (#26990) 2023-09-20 15:59:57 +02:00
Claire
d6c0ae995c Fix post edits not being forwarded as expected (#26936) 2023-09-19 17:01:44 +02:00
Claire
5fd89e53d2 Fix moderator rights inconsistencies (#26729) 2023-09-19 17:01:44 +02:00
Claire
5caade9fb0 Fix crash when encountering invalid URL (#26814) 2023-09-19 17:01:44 +02:00
Claire
34959eccd2 Fix cached posts including stale stats (#26409) 2023-09-19 17:01:44 +02:00
Nicolai Søborg
21bf42bca1 Fix frame_rate for videos where ffprobe reports 0/0 (#26500) 2023-09-19 17:01:44 +02:00
Claire
48ee3ae13d
Merge pull request from GHSA-v3xf-c9qf-j667 2023-09-19 16:53:58 +02:00
Claire
5f9511c389
Merge pull request from GHSA-2693-xr3m-jhqr 2023-09-19 16:53:21 +02:00
Emelia Smith
cf80d54cba Allow reports with long comments from remote instances, but truncate (#25028) 2023-09-05 19:16:09 +02:00
Daniel M Brasil
ea7fa048f3 Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-09-05 19:16:09 +02:00
Claire
6339806f05 Fix blocking subdomains of an already-blocked domain (#26392) 2023-09-05 19:16:09 +02:00
Claire
86afbf25d0 Change text extraction in PlainTextFormatter to be faster (#26727) 2023-09-05 19:16:09 +02:00
Claire
6c321bb5e1 Fix incorrect connect timeout in outgoing requests (#26116) 2023-07-31 14:33:06 +02:00
Claire
d94a2c8aca Change request timeout handling to use a longer deadline (#26055) 2023-07-21 16:07:43 +02:00
Claire
13ec425b72 Fix remote accounts being possibly persisted to database with incomplete protocol values (#25886) 2023-07-21 16:07:43 +02:00
Michael Stanclift
7a99f0744d Fix trending publishers table not rendering correctly on narrow screens (#25945) 2023-07-21 16:07:43 +02:00
Claire
53b979d5c7 Fix processing of media files with unusual names (#25788) 2023-07-07 19:37:21 +02:00
Claire
f2bbac3f9f Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:37:21 +02:00
Claire
32ebeed59b
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:50 +02:00
Claire
e75ad1de0f
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire
0aa0b71f2c
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
c4f2609f7a
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire
a3d69a2c5d Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713) 2023-07-06 13:45:40 +02:00
Vyr Cossont
652ff76462 Fix Redis client and type errors introduced in #24285 (#24342) 2023-07-06 13:45:40 +02:00
Vyr Cossont
6f484fbbd2 IndexingScheduler: fetch and import in batches (#24285)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:45:40 +02:00
Claire
79f5b8f156 Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-07-06 13:45:40 +02:00
Claire
f8930a67a0 Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-07-06 13:45:40 +02:00
Claire
e65e3a6d14 Add finer permission requirements for managing webhooks (#25463) 2023-07-06 13:45:40 +02:00
Claire
8acbfc6ab1 Fix wrong view being displayed when a webhook fails validation (#25464) 2023-07-06 13:45:40 +02:00
Emelia Smith
3ef53958b2 Prevent UserCleanupScheduler from overwhelming streaming (#25519) 2023-07-06 13:45:40 +02:00
Daniel M Brasil
fd1ffd72eb Fix incorrect pagination headers in /api/v2/admin/accounts (#25477) 2023-07-06 13:45:40 +02:00
Claire
7bd34f8b23 Fix infinite loop in AccountsStatusesCleanupScheduler (#24840) 2023-07-06 13:45:40 +02:00
Claire
7012bf6ed3 Improve automatic post cleanup worker performances (#24785) 2023-07-06 13:45:40 +02:00
Claire
d9e45f2fa9 Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly (#24607) 2023-07-06 13:45:40 +02:00
Claire
0e139e3c4d Change automatic post deletion thresholds and load detection (#24614) 2023-07-06 13:45:40 +02:00
Claire
2779bce9a2 Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN (#23600)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-06 13:45:40 +02:00
Claire
210ff36860 Change AccessTokensVacuum to also delete expired tokens (#24868) 2023-07-06 13:45:40 +02:00
Claire
99c2bbbec9 Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:45:40 +02:00
Claire
7e58779300 Fix reports not being closed when performing batch suspensions (#24988) 2023-07-06 13:45:40 +02:00
Claire
cca464bce3 Fix being able to vote on your own polls (#25015) 2023-07-06 13:45:40 +02:00
Claire
1301af60e0 Fix race condition when reblogging a status (#25016) 2023-07-06 13:45:40 +02:00
Claire
f962e83856 Change OpenGraph-based embeds to allow fullscreen (#25058) 2023-07-06 13:45:40 +02:00
Claire
b3cbcd7447 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:45:40 +02:00
Claire
72d96bf17a Remove invalid X-Frame-Options: ALLOWALL (#25070) 2023-07-06 13:45:40 +02:00
Claire
b1ac3562df Change Identity to not destroy associated User on destroy (#25098) 2023-07-06 13:45:40 +02:00
Claire
4c6c790f80 Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-07-06 13:45:40 +02:00
Claire
036ac5b5c9 Fix ArgumentError when loading newer Private Mentions (#25399) 2023-07-06 13:45:40 +02:00
Claire
3e1724e972 Fix multiple N+1s in ConversationsController (#25134) 2023-07-06 13:45:40 +02:00
Claire
bc8592627b Fix user archive takeouts when using OpenStack Swift (#24431) 2023-07-06 13:45:40 +02:00
Claire
b9f271364e Fix unescaped user input in LDAP query (#24379)
Fix CVE-2023-28853
2023-04-04 12:41:27 +02:00
Claire
51572ac615 Fix invalid/expired invites being processed on sign-up (#24337) 2023-04-04 12:41:27 +02:00
Claire
ae64c5b7ec Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-04-04 12:41:27 +02:00
Claire
6a7b91a038 Add warning for object storage misconfiguration (#24137) 2023-03-16 22:48:42 +01:00
Eugen Rochko
6db76875fd Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:48:42 +01:00
Claire
8c4ea7d715 Fix misleading error code when receiving invalid WebAuthn credentials (#23568) 2023-03-16 11:45:53 +01:00
Claire
cc65f32714 Fix incorrect post links in strikes when the account is remote (#23611) 2023-03-16 11:45:33 +01:00
Claire
0363064501 Fix dashboard crash on ElasticSearch server error (#23751) 2023-03-16 11:45:01 +01:00
Claire
6962d117b7 Change ActivityPub::DeliveryWorker retries to be spread out more (#21956) 2023-03-13 18:49:50 +01:00
Terry Garcia
a54bd84690 Switched bookmark and favourites around (#23701) 2023-03-13 18:49:27 +01:00
Claire
68af19c328 Change auto-deletion throttling constants to better scale with server size (#23320) 2023-03-13 18:49:01 +01:00
Tim Lucas
a133570b26 Increase contrast of upload progress background (#23836) 2023-03-13 18:48:21 +01:00
PauloVilarinho
9972eb41ae add modal message when editing toot (#23936)
Co-authored-by: PauloVilarinho <paulotarsobranco@hotmail.com>
2023-03-13 18:48:06 +01:00
Claire
cec59417d7 Add mail headers to avoid auto-replies (#23597) 2023-03-13 18:47:28 +01:00
Claire
9377c4a87c Add lang tag to native language names in language picker (#23749) 2023-03-13 18:47:14 +01:00
Christian Schmidt
3f2e31800e Unescape HTML entities (#24019) 2023-03-13 18:45:42 +01:00
Christian Schmidt
92a26638eb Do not strip tags from Setting.site_short_description (#23975) 2023-03-13 18:44:38 +01:00
Rodion Borisov
14bcd14289 Center the text itself in upload area (#24029) 2023-03-13 18:43:54 +01:00
Christian Schmidt
37a28ba203 Do not leave Mastodon when clicking “Back” (#23953) 2023-03-13 18:42:29 +01:00
Claire
4cec3ad9b8 Fix original account being unfollowed on migration before the follow request could be sent (#21957) 2023-03-13 18:41:40 +01:00
Claire
675c24a34e Fix unconfirmed accounts being registered as active users (#23803) 2023-03-13 18:40:55 +01:00
Claire
63532d9883 Fix error when displaying post history of a trendable post in the admin interface (#23574) 2023-03-13 18:39:51 +01:00
Claire
aff3f850de Fix server error when failing to follow back followers from /relationships (#23787) 2023-03-13 18:39:35 +01:00
Claire
b52746e64b Fix duplicate “Publish” button on mobile (#23804) 2023-03-13 18:38:18 +01:00
Claire
69564db447 Fix inefficiency when searching accounts per username in admin interface (#23801) 2023-03-13 18:38:01 +01:00
Botao Wang
00208b23b1 Fix sidebar cut-off on small screens in admin UI (#23764) 2023-03-13 18:37:40 +01:00
Claire
900790184a Fix focus point of already-attached media not saving after edit (#23566) 2023-03-13 18:37:26 +01:00
Dean Bassett
11d6663025 Fix case-sensitive check for previously used hashtags (#23526) 2023-03-13 18:37:13 +01:00
Claire
0dc342df81 Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) 2023-03-13 18:36:15 +01:00
Claire
0c9eac80d8
Fix unbounded recursion in post discovery (#23506)
* Add a limit to how many posts can get fetched as a result of a single request

* Add tests

* Always pass `request_id` when processing `Announce` activities

---------

Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2023-02-10 22:16:37 +01:00
Claire
bae17ebe5e
Fix attached media uploads not being cleared when replying to a post (#23504) 2023-02-10 22:03:35 +01:00
Eugen Rochko
71ae17e8f5
New Crowdin updates (#23413)
* New translations en.json (Esperanto)

* New translations en.yml (Slovak)

* New translations en.json (Burmese)

* New translations en.yml (Korean)

* New translations en.json (Burmese)

* New translations en.json (Burmese)

* New translations en.yml (Finnish)

* New translations simple_form.en.yml (Finnish)

* New translations en.json (Burmese)

* New translations en.yml (Burmese)

* New translations en.yml (Burmese)

* New translations en.json (Burmese)

* New translations activerecord.en.yml (Burmese)

* New translations en.yml (Burmese)

* New translations activerecord.en.yml (Burmese)

* New translations en.json (German)

* New translations simple_form.en.yml (German)

* New translations en.json (Catalan)

* New translations en.yml (Burmese)

* New translations en.yml (Burmese)

* New translations en.yml (Russian)

* New translations doorkeeper.en.yml (Russian)

* New translations simple_form.en.yml (Russian)

* New translations en.json (Russian)

* New translations en.json (Belarusian)

* New translations en.json (Belarusian)

* New translations en.json (Esperanto)

* New translations en.yml (Esperanto)

* New translations doorkeeper.en.yml (Korean)

* New translations en.json (Burmese)

* New translations en.yml (Slovak)

* New translations en.yml (Belarusian)

* New translations simple_form.en.yml (Belarusian)

* New translations simple_form.en.yml (Esperanto)

* New translations doorkeeper.en.yml (Esperanto)

* New translations activerecord.en.yml (Esperanto)

* New translations devise.en.yml (Esperanto)

* New translations en.yml (English, United Kingdom)

* New translations en.yml (Asturian)

* New translations simple_form.en.yml (Asturian)

* New translations en.yml (Asturian)

* New translations doorkeeper.en.yml (Asturian)

* New translations en.json (Asturian)

* New translations en.yml (Asturian)

* New translations en.json (Asturian)

* New translations en.json (Korean)

* New translations en.yml (Korean)

* New translations en.json (Korean)

* New translations en.yml (Korean)

* New translations devise.en.yml (Korean)

* New translations simple_form.en.yml (Korean)

* New translations en.json (Welsh)

* New translations en.yml (Welsh)

* New translations simple_form.en.yml (Welsh)

* New translations activerecord.en.yml (Welsh)

* New translations devise.en.yml (Welsh)

* New translations doorkeeper.en.yml (Welsh)

* New translations en.yml (Burmese)

* New translations en.yml (Burmese)

* New translations en.yml (Burmese)

* New translations en.json (Silesian)

* New translations en.yml (Occitan)

* New translations en.yml (Turkish)

* New translations simple_form.en.yml (Turkish)

* New translations en.json (Occitan)

* New translations activerecord.en.yml (Turkish)

* New translations doorkeeper.en.yml (Turkish)

* Normalize

* Remove unused locales

---------

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-02-11 05:42:08 +09:00
Claire
a9c220242b
Fix admin-set follow recommandations being case-sensitive (#23500)
Fixes #23472
2023-02-10 11:14:58 +01:00
Claire
67de888bad
Fix server status URL being a required server setting (#23499) 2023-02-10 10:20:43 +01:00
Claire
832595d1e7
Remove posts count and last posts from ActivityPub representation of hashtag collections (#23460) 2023-02-08 17:57:25 +01:00
Nick Schonning
0592937264
Apply Rubocop Rails/WhereNot (#23448)
* Apply Rubocop Rails/WhereNot

* Update spec for where.not
2023-02-08 10:39:57 +01:00
Nick Schonning
0d1f192c54
Apply Rubocop Performance/BlockGivenWithExplicitBlock (#23441)
* Apply Rubocop Performance/BlockGivenWithExplicitBlock

* Unprefix used block parameter
2023-02-08 10:36:23 +01:00
Nick Schonning
26ac2447b4
Apply Rubocop Style/EmptyElse (#23449) 2023-02-08 07:08:39 +01:00
Nick Schonning
f68bb52556
Apply Rubocop Style/NegatedIfElseCondition (#23451) 2023-02-08 07:07:36 +01:00
Nick Schonning
8c1b65c7dd
Apply Rubocop Style/RedundantAssignment (#23452) 2023-02-08 07:06:50 +01:00
Nick Schonning
d3f59f52c3
Apply Rubocop Performance/StringReplacement (#23445) 2023-02-08 03:21:21 +01:00
Nick Schonning
203739dd3a
Apply Rubocop Performance/StringIdentifierArgument (#23444) 2023-02-08 02:36:20 +01:00
Nick Schonning
2e652aa81c
Apply Rubocop Performance/RedundantSplitRegexpArgument (#23443)
* Apply Rubocop Performance/RedundantSplitRegexpArgument

* Update app/controllers/concerns/signature_verification.rb
2023-02-08 02:25:20 +01:00
Nick Schonning
ef8988aef2
Apply Rubocop Performance/DoubleStartEndWith (#23442) 2023-02-08 10:06:48 +09:00
Nick Schonning
cec005068f
Apply Rubocop Performance/RedundantBlockCall (#23440) 2023-02-08 00:58:18 +01:00
Nick Schonning
ed570050c6
Autofix Rails/EagerEvaluationLogMessage (#23429)
* Autofix Rails/EagerEvaluationLogMessage

* Update spec for debug block syntax
2023-02-07 03:44:36 +01:00
Claire
9edefc779f
Fix UserCleanupScheduler crash when an unconfirmed account has a moderation note (#23318)
* Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note

* Add tests
2023-02-07 01:14:44 +01:00
Jeong Arm
523a86618f
Fix account serializer crash if account doesn't have a user (#23428) 2023-02-07 01:03:26 +01:00
Claire
bb89f0af8a
Fix ActivityPub::ProcessingWorker error on incoming malformed JSON-LD (#23416) 2023-02-06 21:00:58 +01:00