Commit graph

1458 commits

Author SHA1 Message Date
Claire f2fff6be66 Fix crash when filtering for “dormant” relationships (#27306) 2023-10-10 13:51:56 +02:00
Claire d6c0ae995c Fix post edits not being forwarded as expected (#26936) 2023-09-19 17:01:44 +02:00
Claire 5fd89e53d2 Fix moderator rights inconsistencies (#26729) 2023-09-19 17:01:44 +02:00
Claire 34959eccd2 Fix cached posts including stale stats (#26409) 2023-09-19 17:01:44 +02:00
Emelia Smith cf80d54cba Allow reports with long comments from remote instances, but truncate (#25028) 2023-09-05 19:16:09 +02:00
Daniel M Brasil ea7fa048f3 Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237) 2023-09-05 19:16:09 +02:00
Claire 889102013f Fix CSP headers being unintendedly wide (#26105) 2023-07-21 16:07:43 +02:00
Claire 53b979d5c7 Fix processing of media files with unusual names (#25788) 2023-07-07 19:37:21 +02:00
Claire 0aa0b71f2c
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Renaud Chaput 8eb1bb8ba6 Allow carets in URL search params (#25216) 2023-07-06 13:45:40 +02:00
Claire 79f5b8f156 Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-07-06 13:45:40 +02:00
Claire f8930a67a0 Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-07-06 13:45:40 +02:00
Daniel M Brasil fd1ffd72eb Fix incorrect pagination headers in /api/v2/admin/accounts (#25477) 2023-07-06 13:45:40 +02:00
Claire 7bd34f8b23 Fix infinite loop in AccountsStatusesCleanupScheduler (#24840) 2023-07-06 13:45:40 +02:00
Claire 7012bf6ed3 Improve automatic post cleanup worker performances (#24785) 2023-07-06 13:45:40 +02:00
Claire d9e45f2fa9 Fix AccountsStatusesCleanupScheduler not spreading deletes across accounts correctly (#24607) 2023-07-06 13:45:40 +02:00
Claire 2779bce9a2 Add fallback redirection when getting a webfinger query LOCAL_DOMAIN@LOCAL_DOMAIN (#23600)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-06 13:45:40 +02:00
Claire 210ff36860 Change AccessTokensVacuum to also delete expired tokens (#24868) 2023-07-06 13:45:40 +02:00
Claire 99c2bbbec9 Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:45:40 +02:00
Claire 7e58779300 Fix reports not being closed when performing batch suspensions (#24988) 2023-07-06 13:45:40 +02:00
Claire 4c6c790f80 Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-07-06 13:45:40 +02:00
Claire 036ac5b5c9 Fix ArgumentError when loading newer Private Mentions (#25399) 2023-07-06 13:45:40 +02:00
Claire 8c4ea7d715 Fix misleading error code when receiving invalid WebAuthn credentials (#23568) 2023-03-16 11:45:53 +01:00
Claire 68af19c328 Change auto-deletion throttling constants to better scale with server size (#23320) 2023-03-13 18:49:01 +01:00
Christian Schmidt 3f2e31800e Unescape HTML entities (#24019) 2023-03-13 18:45:42 +01:00
Claire 0dc342df81 Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) 2023-03-13 18:36:15 +01:00
Claire 0c9eac80d8
Fix unbounded recursion in post discovery (#23506)
* Add a limit to how many posts can get fetched as a result of a single request

* Add tests

* Always pass `request_id` when processing `Announce` activities

---------

Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2023-02-10 22:16:37 +01:00
Nick Schonning 0592937264
Apply Rubocop Rails/WhereNot (#23448)
* Apply Rubocop Rails/WhereNot

* Update spec for where.not
2023-02-08 10:39:57 +01:00
Nick Schonning 1487fcde93
Apply Rubocop Style/ExpandPathArguments (#23450) 2023-02-08 07:06:20 +01:00
Nick Schonning ed570050c6
Autofix Rails/EagerEvaluationLogMessage (#23429)
* Autofix Rails/EagerEvaluationLogMessage

* Update spec for debug block syntax
2023-02-07 03:44:36 +01:00
Claire 9edefc779f
Fix UserCleanupScheduler crash when an unconfirmed account has a moderation note (#23318)
* Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note

* Add tests
2023-02-07 01:14:44 +01:00
Claire 20a479ff7c
Change POST /settings/applications/:id to regenerate token on scopes change (#23359)
Fixes #23096
2023-02-02 12:03:49 +01:00
Claire 13a2abacc8
Add roles attribute to Account entities in REST API (#23255) 2023-01-25 19:55:40 +01:00
Claire a5a00d7f7a
Fix email with empty domain name labels passing validation (#23246)
* Fix email with empty domain name labels passing validation

`EmailMxValidator` would allow empty labels because `Resolv::DNS` is
particularly lenient about them, but the email would be invalid and
unusable.

* Add tests
2023-01-24 20:18:41 +01:00
Claire 6883fddb19
Fix account activation being triggered before email confirmation (#23245)
* Add tests

* Fix account activation being triggered before email confirmation

Fixes #23098
2023-01-24 19:40:21 +01:00
Markus Unterwaditzer f2a6e71bb6
Suppress AddressFamilyError in link verification (#23204)
* Suppress AddressFamilyError

* clarify comment
2023-01-23 13:05:54 +01:00
Claire 448be26b34
Add missing policy attribute to WebPushSubscriptionSerializer (#23210)
* Add missing `policy` attribute to `WebPushSubscriptionSerializer`

Fixes #23145

* Add tests
2023-01-23 13:05:30 +01:00
Claire 68dcbcb7bf
Add more specific error messages to HTTP signature verification (#21617)
* Return specific error on failure to parse Date header

* Add error message when preferredUsername is not set

* Change error report to be JSON and include more details

* Change error report to differentiate unknown account and failed refresh

* Add tests
2023-01-18 16:47:56 +01:00
Claire 343e1fe8e9
Add confirmation screen when handling reports (#22375)
* Add confirmation screen on moderation actions

* Add flash notice when a report has been processed

* Refactor tests

* Add tests
2023-01-18 16:40:09 +01:00
Claire 4b92e59f4f
Add support for editing media description and focus point of already-posted statuses (#20878)
* Add backend support for editing media attachments of existing posts

* Allow editing media attachments of already-posted toots

* Add tests
2023-01-18 16:33:55 +01:00
Claire fcc4c9b34a
Change domain block CSV parsing to be more robust and handle more lists (#21470)
* Change domain block CSV parsing to be more robust and handle more lists

* Add some tests

* Improve domain block import validation and reporting
2023-01-18 16:20:52 +01:00
Claire 21a1a8ee88
Fix crash when marking statuses as sensitive while some statuses are deleted (#22134)
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments

* Fix crash when marking statuses as sensitive while some statuses are deleted

Fixes #21910

* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”

* Add tests
2023-01-13 10:46:52 +01:00
Claire 15b88a83ab
Fix sanitizer parsing link text as HTML when stripping unsupported links (#22558) 2023-01-11 22:21:10 +01:00
Markus Unterwaditzer 0c689b9d01
fix: allow verification when page size exceeds 1MB (using HTML5 parser) (#22879)
* fix: allow verification when page size exceeds 1MB
Truncates the page after 1MB instead

Closes #15316

* switch to HTML5 parser, fix rubocop errors

* undo rubocop fixes

Co-authored-by: Chris Zubak-Skees <chriszs@gmail.com>
2023-01-11 21:59:13 +01:00
Claire 18fb01ef7c
Fix possible race conditions when suspending/unsuspending accounts (#22363)
* Fix possible race conditions when suspending/unsuspending accounts

* Fix tests

Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
suspending/unsuspending themselves, but this has changed.
2023-01-05 13:47:21 +01:00
Jeong Arm fdd1facba1
Fix home TL could contain post from who blocked me (#22849)
* Fix home tl contains post from who blocked me

* Add test

* Fix feed_manager's build_crutches

blocked_by was not includes status' owner

* Add test for status from I blocked

* Fix typo
2023-01-05 13:30:38 +01:00
Partho Ghosh 115ab2869b
Fix ・ detection in hashtag regex to construct hashtag correctly (#22888)
* Fix ・ detection in hashtag regex to construct hashtag correctly

* Fixed rubocop liniting issues

* More rubocop linting fix
2023-01-04 02:12:48 +01:00
Claire 70415714f1
Add follow request banner on account header (#20785)
* Add requested_by to relationship maps

* Display whether an account has requested to follow you on their profile
2022-12-15 18:50:11 +01:00
Claire 8556a649d5
Fix changing domain block severity not undoing individual account effects (#22135)
* Fix changing domain block severity not undoing individual account effects

Fixes #22133

* Add tests
2022-12-15 17:45:02 +01:00
Jeong Arm d412147d02
Save avatar or header correctly even if other one fails (#18465)
* Save avatar or header correctly if other one fails

* Fix test
2022-12-15 17:11:14 +01:00