Commit graph

13 commits

Author SHA1 Message Date
rinpatch
6ca709816f Fix object spoofing vulnerability in attachments
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948
2020-11-12 15:25:33 +03:00
Mark Felder
966663c3f8 Fix tests for other attachment types 2020-11-11 16:17:35 -06:00
Haelwenn (lanodan) Monnier
4caad4e910
side_effects: Don’t increase_replies_count when it’s an Answer 2020-11-02 05:56:17 +01:00
Ivan Tashkinov
9ea31b373f Merge remote-tracking branch 'remotes/origin/develop' into chore/elixir-1.11 2020-10-17 17:53:47 +03:00
Egor Kislitsyn
3985c1b450
Fix warnings 2020-10-15 16:54:59 +04:00
Mark Felder
409f694e4f Merge branch 'develop' into refactor/locked_user_field 2020-10-13 09:54:29 -05:00
Alexander Strizhakov
5f2071c458
changes after rebase 2020-10-13 16:44:03 +03:00
Alexander Strizhakov
b081080dd9
fixes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov
f679486540
rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov
c4c5caedd8
changes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov
c5efded5fd
files consistency for new files 2020-10-13 16:44:00 +03:00
Alexander Strizhakov
e33782455d
updates after rebase 2020-10-13 16:43:59 +03:00
Alexander Strizhakov
7dffaef479
tests consistency 2020-10-13 16:35:09 +03:00