Commit graph

7578 commits

Author SHA1 Message Date
rinpatch 6ca709816f Fix object spoofing vulnerability in attachments
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948
2020-11-12 15:25:33 +03:00
Haelwenn 99bc175f02 Merge branch 'title-injection-change' into 'develop'
Title injection change

See merge request pleroma/pleroma!3132
2020-11-12 08:50:26 +00:00
Mark Felder 2156de2fee Ingest blurhash field during transmogrification 2020-11-11 13:39:02 -06:00
Mark Felder 2254e5e595 Render blurhashes in Mastodon API 2020-11-11 12:51:13 -06:00
Mark Felder 6fd72e9e85 Ingest blurhash for attachments if they were federated 2020-11-11 12:27:51 -06:00
lain 631def2df2 RedirectController: Don't replace title, but inject into the meta 2020-11-11 17:10:59 +01:00
Alexander Strizhakov 8da9f919f8
little changes for MRF config descriptions
- log level reduction, if policy doesn't implement config_description method
- docs in dev.md
2020-11-11 18:49:15 +03:00
feld 3cd7ea693f Merge branch 'feature/2222-config-descriptions-for-custom-modules' into 'develop'
Config descriptions for custom MRF policies

Closes #2222

See merge request pleroma/pleroma!3128
2020-11-11 13:48:03 +00:00
Alexander Strizhakov f97f24b067
making credo happy and test fix 2020-11-11 10:48:03 +03:00
Alexander Strizhakov efc27f6464
fix for adminFE
- revert UserAllowPolicy description
- MRF descriptions order
2020-11-11 10:10:57 +03:00
Alexander Strizhakov 485697d96c
config descriptions for custom MRF policies 2020-11-10 19:20:14 +03:00
lain 88f6b61a5e Merge branch '2260-wrong-report-link' into 'develop'
Resolve "Wrong user link in Report email"

Closes #2260

See merge request pleroma/pleroma!3121
2020-11-10 11:04:19 +00:00
lain d77fd6b3d0 Merge branch 'fix/html-title-load' into 'develop'
Fix title on load of Pleroma HTML, fixes #2281

Closes #2281

See merge request pleroma/pleroma!3125
2020-11-10 10:05:15 +00:00
Alexander Strizhakov 0c68b9ac13
escaping summary and other fields in xml templates 2020-11-10 10:46:57 +03:00
Sean King e4a21084f0 Fix title on load of Pleroma HTML 2020-11-08 16:16:20 -07:00
rinpatch cc45c69fff Remove release_env
While taking a final look at instance.gen before releasing I noticed
that the release_env task outputs messages in broken english. Upon
further inspection it seems to have even more severe issues which, in
my opinion, warrant it's at least temporary removal:
- We do not explain what it actually does, anywhere. Neither the task
 docs nor instance.gen, nor installation instructions.
- It does not respect FHS on OTP releases (uses /opt/pleroma/config even
 though we store the config in /etc/pleroma/config.exs).
- It doesn't work on OTP releases, which is the main reason it exists.
Neither systemd nor openrc service files for OTP include it.
- It is not mentioned in install guides other than the ones for Debian
and OTP releases.
2020-11-08 11:56:09 +03:00
lain 294628d981 Merge branch 'feature/expire-mutes' into 'develop'
Expiring mutes for users and activities

Closes #1817

See merge request pleroma/pleroma!2971
2020-11-05 12:44:16 +00:00
lain 6d850c46dc AdminEmail: Use AP id as user url. 2020-11-04 17:12:47 +01:00
lain 7bbc328d66 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into stats-genserver-fix 2020-11-04 16:52:30 +01:00
lain dd2b3a8da9 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into feature/expire-mutes 2020-11-04 16:51:42 +01:00
lain 4800ee656b Merge branch 'features/federation-status' into 'develop'
Add a federation_status endpoint showing unreachable instances

See merge request pleroma/pleroma!3086
2020-11-04 15:00:52 +00:00
lain 5db4c823b2 Merge branch 'restrict-domain' into 'develop'
View a remote server's timeline

See merge request pleroma/pleroma!2713
2020-11-04 14:54:53 +00:00
Haelwenn 9c09ea01aa Merge branch '2284-voters-count' into 'develop'
Always return voters_count in polls

See merge request pleroma/pleroma!3120
2020-11-04 14:44:45 +00:00
lain 504a829edb Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/federation-status 2020-11-04 15:38:10 +01:00
lain 329aa19c9f Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into alexgleason/pleroma-restrict-domain 2020-11-04 15:05:01 +01:00
lain bc4d9c4ffc Merge branch 'hide-muted-chats' into 'develop'
Hide chats from muted users

Closes #2230

See merge request pleroma/pleroma!3116
2020-11-04 13:48:15 +00:00
Egor Kislitsyn ca95cbe0b4
Add with_muted param to ChatController.index/2 2020-11-04 16:40:12 +04:00
lain 92d252f364 Poll Schema: Update and fix. 2020-11-04 10:20:09 +01:00
lain 1cfc3278c0 Poll View: Always return voters_count. 2020-11-04 10:14:00 +01:00
lain c37118e6f2 Conversations: A few refactors 2020-11-03 13:56:12 +01:00
lain 91f6c32430 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into a1batross/pleroma-patch-4 2020-11-03 13:45:09 +01:00
Mark Felder 7efc074ead Permit fetching individual reports with notes preloaded 2020-11-02 13:06:59 -06:00
Egor Kislitsyn be52819a11
Hide chats from muted users 2020-11-02 17:51:54 +04:00
lain 24ce324973 Merge branch 'bugfix/poll_replies_count' into 'develop'
side_effects: Don’t increase_replies_count when it’s an Answer

Closes #2274

See merge request pleroma/pleroma!3114
2020-11-02 12:08:20 +00:00
Haelwenn (lanodan) Monnier 4caad4e910
side_effects: Don’t increase_replies_count when it’s an Answer 2020-11-02 05:56:17 +01:00
feld 9fbe9ef774 Merge branch 'tesla-get-to-pleroma' into 'develop'
Use Pleroma.HTTP instead of Tesla

Closes #2275

See merge request pleroma/pleroma!3113
2020-11-01 19:31:17 +00:00
Ekaterina Vaartis 8f00d90f91 Use Pleroma.HTTP instead of Tesla
Closes #2275

As discovered in the issue, captcha used Tesla.get instead of
Pleroma.HTTP. I've also grep'ed the repo and changed the other place
where this was used.
2020-11-01 12:05:39 +03:00
feld 38b481d112 Merge branch 'feature/account-export' into 'develop'
Add account export

Closes #847

See merge request pleroma/pleroma!2918
2020-10-31 17:03:40 +00:00
eugenijm 8e41baff40 Add idempotency_key to the chat_message entity. 2020-10-31 05:50:59 +03:00
Egor Kislitsyn d1698267a2
Fix credo warning 2020-10-31 00:26:11 +04:00
Egor Kislitsyn d2113428c0
Merge remote-tracking branch 'origin/develop' into feature/account-export 2020-10-30 19:34:02 +04:00
Alibek Omarov d63ec02f31 ConversationView: fix formatting 2020-10-30 13:59:53 +01:00
Alibek Omarov 9b93eef715 ConversationView: fix last_status.account being empty, fix current user being included in group conversations 2020-10-30 13:59:53 +01:00
Alibek Omarov 241bd061fc ConversationView: add current user to conversations, according to Mastodon behaviour 2020-10-30 12:58:51 +01:00
Haelwenn 131f3219e6 Merge branch 'issue/2069' into 'develop'
[#2069] unread_conversation_count

See merge request pleroma/pleroma!2939
2020-10-29 23:39:15 +00:00
feld 1cce1bd729 Merge branch 'issue/2137-user-filters-admin-fe' into 'develop'
[#2137] admin/users filters

See merge request pleroma/pleroma!3016
2020-10-29 21:06:15 +00:00
Egor Kislitsyn fa902867c0
Merge remote-tracking branch 'origin/develop' into mutes-blocks-pagination 2020-10-29 15:35:42 +04:00
Ivan Tashkinov 9f5f7dc9f9 Fixed User.is_discoverable attribute rendering in Admin API User view. 2020-10-28 22:29:52 +03:00
Ivan Tashkinov da4a1e57b1 @doc fix. 2020-10-28 19:09:38 +03:00
Ivan Tashkinov ba50dc05a8 Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances
# Conflicts:
#	CHANGELOG.md
2020-10-28 19:03:40 +03:00