Claire
c107375035
Merge pull request from GHSA-7w3c-p9j8-mq3x
...
* Ensure destruction of OAuth Applications notifies streaming
Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.
* Ensure password resets revoke access to Streaming API
* Improve performance of deleting OAuth tokens
---------
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 15:15:34 +01:00
Emelia Smith
865a775456
Disable administrative doorkeeper routes ( #29187 )
2024-02-14 11:44:25 +01:00
Claire
befd534eb8
Merge pull request from GHSA-3fjr-858r-92rw
...
* Fix insufficient origin validation
* Bump version to v4.0.13
2024-02-01 15:56:46 +01:00
Matt Jankowski
905baaaff2
Dont match mention in url query string ( #25656 )
...
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-10-10 13:51:14 +02:00
Claire
19af772dbd
Fix crash when filtering for “dormant” relationships ( #27306 )
2023-10-10 13:51:14 +02:00
Claire
5c64f01b19
Fix moderator rights inconsistencies ( #26729 )
2023-09-19 17:01:32 +02:00
Claire
3ab722a79c
Fix cached posts including stale stats ( #26409 )
2023-09-19 17:01:32 +02:00
Emelia Smith
d3e97e8c23
Allow reports with long comments from remote instances, but truncate ( #25028 )
2023-09-05 18:51:01 +02:00
Daniel M Brasil
db8db60244
Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled ( #26237 )
2023-09-05 18:51:01 +02:00
Claire
fc4a93b937
Fix CSP headers being unintendedly wide ( #26105 )
2023-07-21 16:07:35 +02:00
Claire
93a87b96c7
Fix processing of media files with unusual names ( #25788 )
2023-07-07 19:36:12 +02:00
Claire
2119aadf0a
Merge pull request from GHSA-9928-3cp5-93fm
...
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Renaud Chaput
94c67e8bfd
Allow carets in URL search params ( #25216 )
2023-07-06 13:45:58 +02:00
Claire
5e55ca25d6
Fix ResolveURLService not resolving local URLs for remote content ( #25637 )
2023-07-06 13:45:58 +02:00
Claire
0bcb4f73f1
Change /api/v1/statuses/:id/history to always return at least one item ( #25510 )
2023-07-06 13:45:58 +02:00
Daniel M Brasil
c285f9d1a1
Fix incorrect pagination headers in `/api/v2/admin/accounts` ( #25477 )
2023-07-06 13:45:58 +02:00
Claire
660845f781
Change profile updates to be sent to recently-mentioned servers ( #24852 )
2023-07-06 13:45:58 +02:00
Claire
ebe009ff09
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:45:58 +02:00
Claire
2617c33fc3
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:45:58 +02:00
Claire
2c3cb903ad
Fix misleading error code when receiving invalid WebAuthn credentials ( #23568 )
2023-03-16 11:58:46 +01:00
Christian Schmidt
4ea4c3f49c
Unescape HTML entities ( #24019 )
2023-03-14 10:00:13 +01:00
Claire
e2103c9175
Fix “Remove all followers from the selected domains” being more destructive than it claims ( #23805 )
2023-03-14 09:50:57 +01:00
Eugen Rochko
21fd25a269
Fix rate limiting for paths with formats ( #20675 )
2022-11-14 20:26:31 +01:00
trwnh
b59ce0a60f
Move V2 Filter methods under /api/v2 prefix ( #20622 )
...
* Move V2 Filter methods under /api/v2 prefix
* move over the tests too
2022-11-14 08:34:07 +01:00
Eugen Rochko
552d69ad96
Fix error when invalid domain name is submitted ( #19474 )
...
Fix #19175
2022-11-14 08:07:14 +01:00
Eugen Rochko
b31afc6294
Fix error when passing unknown filter param in REST API ( #20626 )
...
Fix #19156
2022-11-14 08:06:06 +01:00
Hampton Lintorn-Catlin
147d8bd8fc
Support UTF-8 Characters in Domains During CSV Import ( #20592 )
...
* Support UTF-8 Characters in Domains During Import
* Update Changelong
2022-11-14 05:52:13 +01:00
Emily Strickland
c2231539c7
Test blank account field verifiability ( #20458 )
...
* Test blank account field verifiability
This change tests the need for #20428 , which ensures that we guard against a situation in which `at_xpath` returns `nil`.
* Test verifiability of blank fields for remote account profiles
This adds a counterpart test for remote account profiles' fields' verifiability when those fields are blank. I previously added the same test for local accounts.
2022-11-13 21:02:09 +01:00
F
d4f973227c
Test the native_locale_name of a non-standard locale ( #20284 )
...
`:en` is English for both `standard_locale_name` and
`native_locale_name`, and so makes for a poor test candidate for
differentiating between them.
2022-11-11 00:06:18 +01:00
Eugen Rochko
9965a23b04
Change link verification to ignore IDN domains ( #20295 )
...
Fix #3833
2022-11-10 06:27:45 +01:00
Eugen Rochko
e98833748e
Fix being able to spoof link verification ( #20217 )
...
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles
2022-11-09 08:24:21 +01:00
luzpaz
6ba52306f9
Fix typos ( #19849 )
...
Found via `codespell -q 3 -S ./yarn.lock,./CHANGELOG.md,./AUTHORS.md,./config/locales,./app/javascript/mastodon/locales -L ba,followings,keypair,medias,pattens,pixelx,rememberable,ro,te`
2022-11-08 17:32:03 +01:00
Roni Laukkarinen
36b0ff57b7
Fix grammar ( #20106 )
2022-11-08 16:35:42 +01:00
Claire
bbf74498f5
Fix validation error in SynchronizeFeaturedTagsCollectionWorker ( #20018 )
...
* Fix followers count not being updated when migrating follows
Fixes #19900
* Fix validation error in SynchronizeFeaturedTagsCollectionWorker
Also saves remote user's chosen case for hashtags
* Limit remote featured tags before validation
2022-11-07 22:35:53 +01:00
Claire
3114c826a7
Fix filter handling in status cache hydration ( #19963 )
2022-11-07 19:47:48 +01:00
Claire
5925a31b78
Fix followers count not being updated when migrating follows ( #19998 )
...
Fixes #19900
2022-11-07 15:38:55 +01:00
Claire
bb89f83cc0
Fix additional issues with status cache hydration ( #19747 )
...
* Spare one SQL query when hydrating polls
* Improve tests
* Fix more discrepancies
* Fix possible crash when the status has no application set
2022-11-04 20:01:33 +01:00
Claire
03b991de6c
Fix various issues with store hydration ( #19746 )
...
- Improve tests
- Fix possible crash when application of a reblogged post isn't set
- Fix discrepancies around favourited and reblogged attributes
- Fix discrepancies around pinned attribute
- Fix polls not being hydrated
2022-11-04 19:33:16 +01:00
Eugen Rochko
5f9e47be34
Add caching for payload serialization during fan-out ( #19642 )
2022-11-04 13:21:06 +01:00
Claire
4fb0aae636
Change mentions of blocked users to not be processed ( #19725 )
...
Fixes #19698
2022-11-04 13:19:12 +01:00
Claire
9387beb3b3
Change flaky AccountSearchService test ( #19650 )
2022-11-03 23:12:08 +01:00
Claire
1dca08b76f
Fix admin action logs page ( #19649 )
...
* Add tests
* Fix crash when trying to display orphaned action logs
* Add migration for older admin action logs
2022-11-03 16:06:42 +01:00
pea-sys
c68e6b52d9
png optimization(loss less) ( #19630 )
2022-11-01 15:06:52 +01:00
Eugen Rochko
d0ba77047e
Change max. thumbnail dimensions to 640x360px (360p) ( #19619 )
2022-11-01 13:01:39 +01:00
Eugen Rochko
40c7f3e830
Fix account action type validation ( #19476 )
...
* Fix account action type validation
Fix #19143
* Fix #19145
* Fix code style issues
2022-10-30 02:44:32 +02:00
Eugen Rochko
f8ca3bb2a1
Add ability to view previous edits of a status in admin UI ( #19462 )
...
* Add ability to view previous edits of a status in admin UI
* Change moderator access to posts to be controlled by a separate policy
2022-10-26 13:42:29 +02:00
Eugen Rochko
bf0ab3e0fa
Fix vacuum scheduler missing lock, locks never expiring ( #19458 )
...
Remove vacuuming of orphaned preview cards
2022-10-26 12:10:48 +02:00
Eugen Rochko
1ae508bf2f
Change unauthenticated search to not support pagination in REST API ( #19326 )
...
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
2022-10-26 12:10:02 +02:00
Eugen Rochko
7c152acb2c
Change settings area to be separated into categories in admin UI ( #19407 )
...
And update all descriptions
2022-10-22 11:44:41 +02:00
Yamagishi Kazutoshi
94feb2b93f
Fix `FetchFeaturedCollectionService` spec ( #19401 )
...
Regression from #19380
2022-10-21 11:48:22 +02:00