Haelwenn (lanodan) Monnier
8176ca9e40
static_fe: Sanitize HTML in users
2020-03-15 20:44:04 +01:00
Haelwenn (lanodan) Monnier
0ac6e29654
static_fe: Sanitize HTML in posts
...
Note: Seems to have different sanitization with TwitterCard generator giving
the following:
<meta content=\"“alert('xss')”\" property=\"twitter:description\">
2020-03-15 20:44:04 +01:00
lain
fa4ec17c84
Merge branch '1560-non-federating-instances-routes-restrictions' into 'develop'
...
[#1560 ] Restricted AP- & OStatus-related routes for non-federating instances
Closes #1560
See merge request pleroma/pleroma!2235
2020-03-15 19:15:20 +00:00
Haelwenn
d84670b9e1
Merge branch 'f' into 'develop'
...
rip out fetch_initial_posts
Closes #1422 and #1595
See merge request pleroma/pleroma!2297
2020-03-15 16:14:54 +00:00
rinpatch
e87a32bcd7
rip out fetch_initial_posts
...
Every time someone tries to use it, it goes mad and tries to scrape the
entire fediverse for no visible reason, it's better to just remove it
than continue shipping it in it's current state.
idea acked by lain and feld on irc
Closes #1595 #1422
2020-03-15 15:59:17 +03:00
Haelwenn (lanodan) Monnier
8f7bc07ebc
pleroma_api_controller.ex: Improve conversations error reporting
...
Related: https://git.pleroma.social/pleroma/pleroma/issues/1594
2020-03-15 12:35:23 +01:00
Ivan Tashkinov
ecb7809e92
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
...
# Conflicts:
# lib/pleroma/plugs/static_fe_plug.ex
2020-03-14 15:37:02 +03:00
rinpatch
38f796a5c6
Merge branch 'feature/mastofe-admin-scope' into 'develop'
...
auth_controller.ex: Add admin scope to MastoFE
See merge request pleroma/pleroma!2256
2020-03-13 18:58:52 +00:00
rinpatch
3e0f05f08e
Merge branch 'bugfix/br-vs-newline' into 'develop'
...
Formatting: Do not use \n and prefer <br> instead
Closes #1374 and #1375
See merge request pleroma/pleroma!2204
2020-03-13 18:22:55 +00:00
rinpatch
096c5c52e0
Merge branch 'revert/cache-control' into 'develop'
...
Revert "Set better Cache-Control header for static content"
Closes #1613
See merge request pleroma/pleroma!2290
2020-03-13 16:25:10 +00:00
Haelwenn (lanodan) Monnier
d1379c4de8
Formatting: Do not use \n and prefer <br> instead
...
It moves bbcode to bbcode_pleroma as the former is owned by kaniini
and transfering ownership wasn't done in a timely manner.
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375
2020-03-13 16:07:17 +01:00
802b991814
Merge branch 'exclude-posts-visible-to-admin' into 'develop'
...
Exclude private and direct statuses visible to the admin when using godmode
Closes #1599
See merge request pleroma/pleroma!2272
2020-03-12 20:29:51 +00:00
Ivan Tashkinov
bd40880fa0
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
...
# Conflicts:
# test/web/activity_pub/activity_pub_controller_test.exs
2020-03-12 12:07:07 +03:00
2019f3b3ff
Merge branch 'fix/signup-without-email' into 'develop'
...
Allow account registration without an email
See merge request pleroma/pleroma!2246
2020-03-11 16:53:05 +00:00
rinpatch
7cdabdc0df
Merge branch 'fix/1610-release-compilation-config-fix' into 'develop'
...
Merging default release config on app start
Closes #1610
See merge request pleroma/pleroma!2288
2020-03-11 15:16:18 +00:00
f92c447bbc
Merge branch 'relay-list-change' into 'develop'
...
Relay list shows hosts without accepted follow
See merge request pleroma/pleroma!2240
2020-03-11 15:10:09 +00:00
rinpatch
c3b9fbd3a7
Revert "Set better Cache-Control header for static content"
...
On furher investigation it seems like all that did was cause unintuitive
behavior. The emoji request flood that was the reason for introducing it
isn't really that big of a deal either, since Plug.Static only needs to
read file modification time and size to determine the ETag.
Closes #1613
2020-03-11 17:58:25 +03:00
Alexander Strizhakov
282a93554f
merging release default config on app start
2020-03-11 16:25:53 +03:00
Ivan Tashkinov
5b696a8ac1
[ #1560 ] Enforced authentication for non-federating instances in StaticFEController.
2020-03-11 14:05:56 +03:00
Ivan Tashkinov
972889550d
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
2020-03-11 09:15:55 +03:00
Mark Felder
5af798f246
Fix enforcement of character limits
2020-03-10 13:08:00 -05:00
Ivan Tashkinov
5fc92deef3
[ #1560 ] Ensured authentication or enabled federation for federation-related routes. New tests + tests refactoring.
2020-03-09 20:51:44 +03:00
Ivan Tashkinov
027714b519
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
2020-03-06 11:48:30 +03:00
Ivan Tashkinov
40765875d4
[ #1560 ] Misc. improvements in ActivityPubController federation state restrictions.
2020-03-05 21:19:21 +03:00
eugenijm
ad22e94f33
Exclude private and direct statuses visible to the admin when using godmode
2020-03-05 15:15:27 +03:00
lain
47604907c9
Merge branch 'proper_error_messages' into 'develop'
...
MastodonController: Return 404 errors correctly.
See merge request pleroma/pleroma!2270
2020-03-05 11:49:51 +00:00
9b740cfb23
Merge branch 'exclude-reblogs-from-admin-api-by-default' into 'develop'
...
Exclude reblogs from `GET /api/pleroma/admin/statuses` by default
Closes #1596
See merge request pleroma/pleroma!2267
2020-03-04 18:22:37 +00:00
lain
4bce13fa2f
MastodonController: Return 404 errors correctly.
2020-03-04 18:09:06 +01:00
lain
6f7a8c43a2
Merge branch 'fix/no-email-no-fail' into 'develop'
...
Do not fail when user has no email
See merge request pleroma/pleroma!2249
2020-03-04 12:43:06 +00:00
Mark Felder
05da5f5cca
Update Copyrights
2020-03-03 16:44:49 -06:00
Ivan Tashkinov
b6fc98d9cd
[ #1560 ] ActivityPubController federation state restrictions adjustments. Adjusted tests.
2020-03-03 22:22:02 +03:00
Ivan Tashkinov
99a6c660a9
Merge remote-tracking branch 'remotes/origin/develop' into 1560-non-federating-instances-routes-restrictions
2020-03-02 18:41:12 +03:00
eugenijm
7af431c150
Exclude reblogs from GET /api/pleroma/admin/statuses
by default
2020-03-02 16:47:31 +03:00
Egor Kislitsyn
4a45b96a91
Merge branch 'develop' into fix/signup-without-email
2020-03-02 15:35:49 +04:00
Haelwenn
764a50f8a6
Merge branch 'feature/1482-activity_pub_transactions' into 'develop'
...
ActivityPub actions & side-effects in transaction
Closes #1482
See merge request pleroma/pleroma!2089
2020-03-02 07:58:01 +00:00
Alexander Strizhakov
cc98d010ed
relay list shows hosts without accepted follow
2020-03-02 09:27:20 +03:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
...
Done via the following command:
git diff fcd5dd259a
--stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Alexander Strizhakov
34f1d09f3a
spec fix
2020-03-01 12:01:39 +03:00
Alexander Strizhakov
32d1e04817
ActivityPub actions & side-effects in transaction
2020-03-01 12:01:39 +03:00
rinpatch
b5465bf385
timeline controller: add a TODO for replacing copypaste with a macro
2020-03-01 02:03:46 +03:00
rinpatch
ffcebe7e22
timeline controller: rate limit timelines to 3 requests per 500ms per timeline per ip/user
2020-03-01 01:13:08 +03:00
Haelwenn (lanodan) Monnier
3ef2ff3e47
auth_controller.ex: Add admin scope to MastoFE
...
Related: https://git.pleroma.social/pleroma/pleroma/issues/1265
2020-02-29 01:25:14 +01:00
f2216287a7
Merge branch 'admin-status-list' into 'develop'
...
Admin API: `/api/pleroma/admin/statuses` (accepts `godmode` and `local_only`)
Closes #1550
See merge request pleroma/pleroma!2192
2020-02-27 18:11:04 +00:00
Egor Kislitsyn
cb60a9c42f
Do not fail when user has no email
2020-02-27 17:27:49 +04:00
eugenijm
4ab07cf0d5
Admin API: Exclude boosts from GET /api/pleroma/admin/users/:nickname/statuses
and GET /api/pleroma/admin/instance/:instance/statuses
2020-02-26 22:35:57 +03:00
eugenijm
e2a6a40367
Admin API: GET /api/pleroma/admin/statuses
- list all statuses (accepts godmode
and local_only
)
2020-02-26 20:21:38 +03:00
Egor Kislitsyn
f446744a6a
Allow account registration without an email
2020-02-26 20:13:53 +04:00
Egor Kislitsyn
22018adae6
Fix Dialyzer warnings
2020-02-25 18:34:56 +04:00
eugenijm
7ad5c51f23
Admin API: GET /api/pleroma/admin/stats
to get status count by visibility scope
2020-02-24 21:46:37 +03:00
Ivan Tashkinov
0cf1d4fcd0
[ #1560 ] Restricted AP- & OStatus-related routes for non-federating instances.
2020-02-22 19:48:41 +03:00