From 4e85b9073bc996ff04fbd540dab217d7fed4b4c0 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 16 Sep 2025 17:39:45 +0200 Subject: [PATCH 01/11] Fix typo in changelog (#36140) --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 49da341ec..004a0baa8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,7 @@ All notable changes to this project will be documented in this file. - Fix WebUI handling of deleted quoted posts (#35909 and #35918 by @ClearlyClaire and @diondiondion) - Fix “Edit” and “Delete & Redraft” on a poll not inserting empty option (#35892 by @ClearlyClaire) - Fix loading of some compatibility CSS on some configurations (#35876 by @shleeable) -- Fix HttpLog not being enabled with `RAILS_LOGÈ_LEVEL=debug` (#35833 by @mjankowski) +- Fix HttpLog not being enabled with `RAILS_LOG_LEVEL=debug` (#35833 by @mjankowski) - Fix self-destruct scheduler behavior on some Redis setups (#35823 by @ClearlyClaire) - Fix `tootctl admin create` not bypassing reserved username checks (#35779 by @ClearlyClaire) - Fix interaction policy changes in implicit updates not being saved (#35751 by @ClearlyClaire) From 06c2393805eee6b2e4b4aa17787129a2d542b71d Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 17 Sep 2025 14:00:58 +0200 Subject: [PATCH 02/11] Fix quote with CW but no text being shown without CW (#36150) --- app/javascript/mastodon/actions/importer/normalizer.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/javascript/mastodon/actions/importer/normalizer.js b/app/javascript/mastodon/actions/importer/normalizer.js index d5e59b8b0..772337980 100644 --- a/app/javascript/mastodon/actions/importer/normalizer.js +++ b/app/javascript/mastodon/actions/importer/normalizer.js @@ -81,7 +81,7 @@ export function normalizeStatus(status, normalOldStatus) { } else { // If the status has a CW but no contents, treat the CW as if it were the // status' contents, to avoid having a CW toggle with seemingly no effect. - if (normalStatus.spoiler_text && !normalStatus.content) { + if (normalStatus.spoiler_text && !normalStatus.content && !normalStatus.quote) { normalStatus.content = normalStatus.spoiler_text; normalStatus.spoiler_text = ''; } From c8551a3eca59752a4a8eeef4941221a654746895 Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 18 Sep 2025 14:46:31 +0200 Subject: [PATCH 03/11] Add click-through for quoted limited accounts (#36167) --- .../mastodon/components/status_quoted.tsx | 38 ++++++++++++++++++- app/javascript/mastodon/locales/en.json | 2 + 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/app/javascript/mastodon/components/status_quoted.tsx b/app/javascript/mastodon/components/status_quoted.tsx index 3f7f51cf0..d58760ac6 100644 --- a/app/javascript/mastodon/components/status_quoted.tsx +++ b/app/javascript/mastodon/components/status_quoted.tsx @@ -1,4 +1,4 @@ -import { useEffect, useMemo } from 'react'; +import { useCallback, useEffect, useMemo } from 'react'; import { FormattedMessage } from 'react-intl'; @@ -11,13 +11,16 @@ import ArticleIcon from '@/material-icons/400-24px/article.svg?react'; import ChevronRightIcon from '@/material-icons/400-24px/chevron_right.svg?react'; import { Icon } from 'mastodon/components/icon'; import StatusContainer from 'mastodon/containers/status_container'; +import { domain } from 'mastodon/initial_state'; import type { Status } from 'mastodon/models/status'; import type { RootState } from 'mastodon/store'; import { useAppDispatch, useAppSelector } from 'mastodon/store'; import QuoteIcon from '../../images/quote.svg?react'; +import { revealAccount } from '../actions/accounts_typed'; import { fetchStatus } from '../actions/statuses'; import { makeGetStatus } from '../selectors'; +import { getAccountHidden } from '../selectors/accounts'; const MAX_QUOTE_POSTS_NESTING_LEVEL = 1; @@ -73,6 +76,29 @@ type GetStatusSelector = ( props: { id?: string | null; contextType?: string }, ) => Status | null; +const LimitedAccountHint: React.FC<{ accountId: string }> = ({ accountId }) => { + const dispatch = useAppDispatch(); + const reveal = useCallback(() => { + dispatch(revealAccount({ id: accountId })); + }, [dispatch, accountId]); + + return ( + <> + + + + ); +}; + export const QuotedStatus: React.FC<{ quote: QuoteMap; contextType?: string; @@ -100,6 +126,14 @@ export const QuotedStatus: React.FC<{ const shouldLoadQuote = !status?.get('isLoading') && quoteState !== 'deleted'; + const accountId: string | null = status?.get('account', null) as + | string + | null; + + const hiddenAccount = useAppSelector( + (state) => accountId && getAccountHidden(state, accountId), + ); + useEffect(() => { if (shouldLoadQuote && quotedStatusId) { dispatch( @@ -164,6 +198,8 @@ export const QuotedStatus: React.FC<{ defaultMessage='This post cannot be displayed.' /> ); + } else if (hiddenAccount && accountId) { + quoteError = ; } if (quoteError) { diff --git a/app/javascript/mastodon/locales/en.json b/app/javascript/mastodon/locales/en.json index 59d39a153..b2821c2e5 100644 --- a/app/javascript/mastodon/locales/en.json +++ b/app/javascript/mastodon/locales/en.json @@ -873,6 +873,8 @@ "status.open": "Expand this post", "status.pin": "Pin on profile", "status.quote_error.filtered": "Hidden due to one of your filters", + "status.quote_error.limited_account_hint.action": "Show anyway", + "status.quote_error.limited_account_hint.title": "This account has been hidden by the moderators of {domain}.", "status.quote_error.not_found": "This post cannot be displayed.", "status.quote_error.pending_approval": "This post is pending approval from the original author.", "status.quote_error.rejected": "This post cannot be displayed as the original author does not allow it to be quoted.", From a94d7bf520ccb1b21555fa6cff1c45e1dc015bd9 Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 18 Sep 2025 15:21:17 +0200 Subject: [PATCH 04/11] Change quoted posts from silenced accounts not to be hidden (#36166) --- app/lib/status_cache_hydrator.rb | 2 +- app/lib/status_filter.rb | 6 ++++++ app/serializers/rest/base_quote_serializer.rb | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/app/lib/status_cache_hydrator.rb b/app/lib/status_cache_hydrator.rb index 674945c40..70c9feb13 100644 --- a/app/lib/status_cache_hydrator.rb +++ b/app/lib/status_cache_hydrator.rb @@ -85,7 +85,7 @@ class StatusCacheHydrator if quote.quoted_status.nil? payload[nested ? :quoted_status_id : :quoted_status] = nil payload[:state] = 'deleted' - elsif StatusFilter.new(quote.quoted_status, Account.find_by(id: account_id)).filtered? + elsif StatusFilter.new(quote.quoted_status, Account.find_by(id: account_id)).filtered_for_quote? payload[nested ? :quoted_status_id : :quoted_status] = nil payload[:state] = 'unauthorized' else diff --git a/app/lib/status_filter.rb b/app/lib/status_filter.rb index eb522e544..dbf7d28b6 100644 --- a/app/lib/status_filter.rb +++ b/app/lib/status_filter.rb @@ -15,6 +15,12 @@ class StatusFilter blocked_by_policy? || (account_present? && filtered_status?) || silenced_account? end + def filtered_for_quote? + return false if !account.nil? && account.id == status.account_id + + blocked_by_policy? || (account_present? && filtered_status?) + end + private def account_present? diff --git a/app/serializers/rest/base_quote_serializer.rb b/app/serializers/rest/base_quote_serializer.rb index 20a53d1a2..be9d5cbe6 100644 --- a/app/serializers/rest/base_quote_serializer.rb +++ b/app/serializers/rest/base_quote_serializer.rb @@ -8,13 +8,13 @@ class REST::BaseQuoteSerializer < ActiveModel::Serializer # Extra states when a status is unavailable return 'deleted' if object.quoted_status.nil? - return 'unauthorized' if status_filter.filtered? + return 'unauthorized' if status_filter.filtered_for_quote? object.state end def quoted_status - object.quoted_status if object.accepted? && object.quoted_status.present? && !status_filter.filtered? + object.quoted_status if object.accepted? && object.quoted_status.present? && !status_filter.filtered_for_quote? end private From 0b66bd591fde350419f8544ae5e05b9ea8e52ef9 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 19 Sep 2025 10:45:13 +0200 Subject: [PATCH 05/11] Fix getting `Create` and `Update` out of order (#36176) --- app/lib/activitypub/activity/update.rb | 3 + spec/lib/activitypub/activity_spec.rb | 111 +++++++++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 spec/lib/activitypub/activity_spec.rb diff --git a/app/lib/activitypub/activity/update.rb b/app/lib/activitypub/activity/update.rb index 973706f59..15025ca5e 100644 --- a/app/lib/activitypub/activity/update.rb +++ b/app/lib/activitypub/activity/update.rb @@ -28,6 +28,9 @@ class ActivityPub::Activity::Update < ActivityPub::Activity @status = Status.find_by(uri: object_uri, account_id: @account.id) + # We may be getting `Create` and `Update` out of order + @status ||= ActivityPub::Activity::Create.new(@json, @account, **@options).perform + return if @status.nil? ActivityPub::ProcessStatusUpdateService.new.call(@status, @json, @object, request_id: @options[:request_id]) diff --git a/spec/lib/activitypub/activity_spec.rb b/spec/lib/activitypub/activity_spec.rb new file mode 100644 index 000000000..218da04d9 --- /dev/null +++ b/spec/lib/activitypub/activity_spec.rb @@ -0,0 +1,111 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe ActivityPub::Activity do + describe 'processing a Create and an Update' do + let(:sender) { Fabricate(:account, followers_url: 'http://example.com/followers', domain: 'example.com', uri: 'https://example.com/actor') } + let(:quoted_account) { Fabricate(:account, domain: 'quoted.example.com') } + let(:quoted_status) { Fabricate(:status, account: quoted_account) } + let(:approval_uri) { 'https://quoted.example.com/approvals/1' } + + let(:approval_payload) do + { + '@context': [ + 'https://www.w3.org/ns/activitystreams', + { + QuoteAuthorization: 'https://w3id.org/fep/044f#QuoteAuthorization', + gts: 'https://gotosocial.org/ns#', + interactingObject: { + '@id': 'gts:interactingObject', + '@type': '@id', + }, + interactionTarget: { + '@id': 'gts:interactionTarget', + '@type': '@id', + }, + }, + ], + type: 'QuoteAuthorization', + id: approval_uri, + attributedTo: ActivityPub::TagManager.instance.uri_for(quoted_status.account), + interactingObject: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'), + interactionTarget: ActivityPub::TagManager.instance.uri_for(quoted_status), + } + end + + let(:create_json) do + { + '@context': [ + 'https://www.w3.org/ns/activitystreams', + { + quote: 'https://w3id.org/fep/044f#quote', + }, + ], + id: [ActivityPub::TagManager.instance.uri_for(sender), '#create'].join, + type: 'Create', + actor: ActivityPub::TagManager.instance.uri_for(sender), + object: { + id: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'), + type: 'Note', + to: [ + 'https://www.w3.org/ns/activitystreams#Public', + ], + content: 'foo', + published: '2025-05-24T11:03:10Z', + quote: ActivityPub::TagManager.instance.uri_for(quoted_status), + }, + }.deep_stringify_keys + end + + let(:update_json) do + { + '@context': [ + 'https://www.w3.org/ns/activitystreams', + { + quote: 'https://w3id.org/fep/044f#quote', + quoteAuthorization: { '@id': 'https://w3id.org/fep/044f#quoteAuthorization', '@type': '@id' }, + }, + ], + id: [ActivityPub::TagManager.instance.uri_for(sender), '#update'].join, + type: 'Update', + actor: ActivityPub::TagManager.instance.uri_for(sender), + object: { + id: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'), + type: 'Note', + to: [ + 'https://www.w3.org/ns/activitystreams#Public', + ], + content: 'foo', + published: '2025-05-24T11:03:10Z', + quote: ActivityPub::TagManager.instance.uri_for(quoted_status), + quoteAuthorization: approval_uri, + }, + }.deep_stringify_keys + end + + before do + sender.update(uri: ActivityPub::TagManager.instance.uri_for(sender)) + + stub_request(:get, approval_uri).to_return(headers: { 'Content-Type': 'application/activity+json' }, body: Oj.dump(approval_payload)) + end + + context 'when getting them in order' do + it 'creates a status and approves the quote' do + described_class.factory(create_json, sender).perform + status = described_class.factory(update_json, sender).perform + + expect(status.quote.state).to eq 'accepted' + end + end + + context 'when getting them out of order' do + it 'creates a status and approves the quote' do + described_class.factory(update_json, sender).perform + status = described_class.factory(create_json, sender).perform + + expect(status.quote.state).to eq 'accepted' + end + end + end +end From bef28b2e518032db2d3b5af92491faca21b84484 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 19 Sep 2025 11:52:17 +0200 Subject: [PATCH 06/11] Fix processing of out-of-order `Update` as implicit updates (#36190) --- app/services/activitypub/process_status_update_service.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/services/activitypub/process_status_update_service.rb b/app/services/activitypub/process_status_update_service.rb index 1821458fb..fcc2963e3 100644 --- a/app/services/activitypub/process_status_update_service.rb +++ b/app/services/activitypub/process_status_update_service.rb @@ -25,6 +25,9 @@ class ActivityPub::ProcessStatusUpdateService < BaseService if @status_parser.edited_at.present? && (@status.edited_at.nil? || @status_parser.edited_at > @status.edited_at) handle_explicit_update! + elsif @status.edited_at.present? && (@status_parser.edited_at.nil? || @status_parser.edited_at < @status.edited_at) + # This is an older update, reject it + return @status else handle_implicit_update! end From 70e2eb49dfafce173b3c6b5976d0aae0b9c261c3 Mon Sep 17 00:00:00 2001 From: Claire Date: Mon, 22 Sep 2025 18:03:22 +0200 Subject: [PATCH 07/11] Add support for `has:quote` in search (#36217) --- app/models/concerns/status/search_concern.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/models/concerns/status/search_concern.rb b/app/models/concerns/status/search_concern.rb index 3f31b3b67..7f1dbedc4 100644 --- a/app/models/concerns/status/search_concern.rb +++ b/app/models/concerns/status/search_concern.rb @@ -43,6 +43,7 @@ module Status::SearchConcern properties << 'embed' if preview_card&.video? properties << 'sensitive' if sensitive? properties << 'reply' if reply? + properties << 'quote' if with_quote? end end end From dd0647ca45529f46450943898d9124c5cdca1f38 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 23 Sep 2025 10:46:42 +0200 Subject: [PATCH 08/11] Update dependency `rexml` --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7527280f8..4a6f5f862 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -725,7 +725,7 @@ GEM responders (3.1.1) actionpack (>= 5.2) railties (>= 5.2) - rexml (3.4.1) + rexml (3.4.4) rotp (6.3.0) rouge (4.5.2) rpam2 (4.0.2) From dc6d8f882528803c06b2a71c23d6c1467880a7e1 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 23 Sep 2025 11:12:26 +0200 Subject: [PATCH 09/11] Bump version to v4.4.5 --- CHANGELOG.md | 20 ++++++++++++++++++++ docker-compose.yml | 6 +++--- lib/mastodon/version.rb | 2 +- 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 004a0baa8..ad084c8a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,26 @@ All notable changes to this project will be documented in this file. +## [4.4.5] - 2025-09-23 + +### Security + +- Update dependencies + +### Added + +- Add support for `has:quote` in search (#36217 by @ClearlyClaire) + +### Changed + +- Change quoted posts from silenced accounts to use a click-through rather than being hidden (#36166 and #36167 by @ClearlyClaire) + +### Fixed + +- Fix processing of out-of-order `Update` as implicit updates (#36190 by @ClearlyClaire) +- Fix getting `Create` and `Update` out of order (#36176 by @ClearlyClaire) +- Fix quotes with Content Warnings but no text being shown without Content Warnings (#36150 by @ClearlyClaire) + ## [4.4.4] - 2025-09-16 ### Security diff --git a/docker-compose.yml b/docker-compose.yml index e0159beae..6d00c93b0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -59,7 +59,7 @@ services: web: # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes # build: . - image: ghcr.io/mastodon/mastodon:v4.4.4 + image: ghcr.io/mastodon/mastodon:v4.4.5 restart: always env_file: .env.production command: bundle exec puma -C config/puma.rb @@ -83,7 +83,7 @@ services: # build: # dockerfile: ./streaming/Dockerfile # context: . - image: ghcr.io/mastodon/mastodon-streaming:v4.4.4 + image: ghcr.io/mastodon/mastodon-streaming:v4.4.5 restart: always env_file: .env.production command: node ./streaming/index.js @@ -102,7 +102,7 @@ services: sidekiq: # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes # build: . - image: ghcr.io/mastodon/mastodon:v4.4.4 + image: ghcr.io/mastodon/mastodon:v4.4.5 restart: always env_file: .env.production command: bundle exec sidekiq diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb index 54d636516..6ad44cff7 100644 --- a/lib/mastodon/version.rb +++ b/lib/mastodon/version.rb @@ -13,7 +13,7 @@ module Mastodon end def patch - 4 + 5 end def default_prerelease From 1896790c03d7f0eb000cb30adebbfdbde092b107 Mon Sep 17 00:00:00 2001 From: Mike Barnes Date: Fri, 26 Sep 2025 10:33:16 +1000 Subject: [PATCH 10/11] Make quote colours less jarring --- app/javascript/styles/tangerineui/chingerine.scss | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/app/javascript/styles/tangerineui/chingerine.scss b/app/javascript/styles/tangerineui/chingerine.scss index 01ce5ba83..0da262639 100644 --- a/app/javascript/styles/tangerineui/chingerine.scss +++ b/app/javascript/styles/tangerineui/chingerine.scss @@ -24,6 +24,12 @@ --color-accent-bg: #f6f5ed; --color-reject: #953f3b; } + +body { + --rich-text-container-color: rgb(255, 254, 216); + --rich-text-text-color: rgb(63, 58, 18); + --rich-text-decorations-color: rgb(228, 226, 112); +} @media (prefers-color-scheme: dark) { :root { --color-bg: #111; @@ -46,6 +52,12 @@ /* --color-confirm: #79bd9a; */ --color-confirm-bg: rgba(196, 216, 197, 30%); } + + body { + --rich-text-container-color: rgb(63, 58, 18); + --rich-text-text-color: rgb(255, 254, 216); + --rich-text-decorations-color: rgb(228, 226, 112); + } } :root { From d8dc0ee28ca7145ccfde81ad08a1bd4084e1f317 Mon Sep 17 00:00:00 2001 From: Mike Barnes Date: Fri, 26 Sep 2025 10:33:58 +1000 Subject: [PATCH 11/11] Bump Chingerine revision number --- app/javascript/styles/tangerineui/chingerine.scss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/javascript/styles/tangerineui/chingerine.scss b/app/javascript/styles/tangerineui/chingerine.scss index 0da262639..4779e52ad 100644 --- a/app/javascript/styles/tangerineui/chingerine.scss +++ b/app/javascript/styles/tangerineui/chingerine.scss @@ -1,6 +1,6 @@ /* Chinwag Meta */ :root { - --version-tag: 'cw0'; + --version-tag: 'cw1'; --variant-name: 'Chinwag'; --variant-emoji: '\1F986\00A0'; --variant: var(--variant-emoji) var(--variant-name);