ddd79ff22d
Proactively harden emoji pack against path traversal
...
No new path traversal attacks are known. But given the many entrypoints
and code flow complexity inside pack.ex, it unfortunately seems
possible a future refactor or addition might reintroduce one.
Furthermore, some old packs might still contain traversing path entries
which could trigger undesireable actions on rename or delete.
To ensure this can never happen, assert safety during path construction.
Path.safe_relative was introduced in Elixir 1.14, but
fortunately, we already require at least 1.14 anyway.
2024-03-18 22:33:10 -01:00
d1c4d07404
Convert StealEmoji to pack.json
...
This will decouple filenames from shortcodes and
allow more image formats to work instead of only
those included in the auto-load glob. (Albeit we
still saved other formats to disk, wasting space)
Furthermore, this will allow us to make
final URL paths infeasible to predict.
2024-03-18 22:33:10 -01:00
fa98b44acf
Fill out path for newly created packs
...
Before this was only filled on loading the pack again,
preventing the created pack from being used directly.
2024-03-18 22:33:10 -01:00
1dc8cc731c
Merge branch 'elixir1.15' into develop
2023-08-04 15:16:14 +01:00
fe8c166b8f
Remove IO.inspects
2023-08-04 12:01:52 +01:00
7e45343f81
Resolve information disclosure vulnerability through emoji pack archive download endpoint
2023-08-04 11:34:19 +01:00
98cb255d12
Support elixir1.15
...
OTP builds to 1.15
Changelog entry
Ensure policies are fully loaded
Fix :warn
use main branch for linkify
Fix warn in tests
Migrations for phoenix 1.17
Revert "Migrations for phoenix 1.17"
This reverts commit 6a3b2f15b7
.
Oban upgrade
Add default empty whitelist
mix format
limit test to amd64
OTP 26 tests for 1.15
use OTP_VERSION tag
baka
just 1.15
Massive deps update
Update locale, deps
Mix format
shell????
multiline???
?
max cases 1
use assert_recieve
don't put_env in async tests
don't async conn/fs tests
mix format
FIx some uploader issues
Fix tests
2023-08-03 17:44:09 +01:00
sfr
20cd8a0fc4
URL encode remote emoji pack names ( #362 )
...
fix #246
Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: AkkomaGang/akkoma#362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
2023-01-15 18:14:04 +00:00
07a48b9293
giant massive dep upgrade and dialyxir-found error emporium ( #371 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#371
2022-12-14 12:38:48 +00:00
405406601f
Fix emoji qualification ( #124 )
...
Reviewed-on: AkkomaGang/akkoma#124
2022-07-28 12:02:36 +00:00
364b6969eb
Use finch everywhere ( #33 )
...
Reviewed-on: AkkomaGang/akkoma#33
2022-07-04 16:30:38 +00:00
31b9034a27
emoji/loader.ex: be more verbose about which emoji pack config is loading now
...
To avoid issue when one of the hundred JSON files is malformed and
administrator don't know which one
2021-12-17 14:15:44 +00:00
Haelwenn (lanodan) Monnier
a17910a6c6
CI: Bump lint stage to elixir-1.12
...
Elixir 1.12 changed formatting rules, this allows to avoid having to rollback to run `mix format`
2021-10-06 08:11:05 +02:00
Alex Gleason
51a9f97e87
Deprecate Pleroma.Web.base_url/0
...
Use Pleroma.Web.Endpoint.url/0 directly instead. Reduces compiler cycles.
2021-05-31 16:48:03 -05:00
bf9cd4a0e2
Standardize the way we capture and use Mix.env()
2021-02-04 10:13:03 -06:00
887db076b5
Load an emoji.txt specific to the test env
2021-02-03 16:40:59 -06:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
...
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/ >;'
2021-01-13 07:49:50 +01:00
Roger Braun
48cd336a72
allow external emoji
2021-01-06 10:13:01 -06:00
lain
95a9bdfc37
Tests: Use NullCache for async tests.
...
Caching can't work in async tests, so for them it is mocked to a
null cache that is always empty. Synchronous tests are stubbed
with the real Cachex, which is emptied after every test.
2020-12-18 19:53:19 +01:00
lain
713612c377
Cachex: Make caching provider switchable at runtime.
...
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Maksim Pechnikov
e1d25bad0c
fix tests
2020-11-16 21:45:37 +03:00
Maksim Pechnikov
1830b6aae5
added error messages for posix error code
2020-11-13 15:21:59 +03:00
Ekaterina Vaartis
8f00d90f91
Use Pleroma.HTTP instead of Tesla
...
Closes #2275
As discovered in the issue, captcha used Tesla.get instead of
Pleroma.HTTP. I've also grep'ed the repo and changed the other place
where this was used.
2020-11-01 12:05:39 +03:00
Mark Felder
8539e386c3
Add missing Copyright headers
2020-10-12 12:00:50 -05:00
Alexander Strizhakov
8c6ec4c111
pack routes change
2020-09-24 09:16:14 +03:00
Alexander Strizhakov
dbbc801667
pagination for remote emoji packs
2020-09-24 09:12:39 +03:00
Alexander Strizhakov
9b6d89ff8c
support for special chars in pack name
2020-09-24 09:12:37 +03:00
Maksim
489a107cf4
Apply 1 suggestion(s) to 1 file(s)
2020-09-13 11:54:15 +00:00
Maksim
b267b751d4
Apply 1 suggestion(s) to 1 file(s)
2020-08-25 05:38:25 +00:00
Maksim Pechnikov
14ec12ac95
added tests
2020-08-24 15:01:45 +03:00
Maksim Pechnikov
f5845ff033
upload emoji zip file
2020-08-22 10:42:02 +03:00
Mark Felder
d23804f191
Use the Pleroma.Config alias
2020-07-09 10:53:51 -05:00
Alexander Strizhakov
aae1af8cf1
fix for emoji pagination in pack show
2020-06-24 18:06:30 +03:00
Alexander Strizhakov
1a704e1f1e
fix for packs pagination
2020-06-20 10:56:28 +03:00
Alexander Strizhakov
3e3f9253e6
adding overall count for packs and files
2020-06-19 10:17:24 +03:00
Alexander Strizhakov
4975ed86bc
emoji pagination for pack show action
2020-06-18 18:50:03 +03:00
Alexander Strizhakov
3becdafd33
emoji packs pagination
2020-06-18 14:32:21 +03:00
Mark Felder
95f6240889
Fix minor spelling error
2020-05-27 14:34:37 -05:00
Egor Kislitsyn
8bde8dfec2
Cleanup Pleroma.Emoji.Pack
2020-05-18 19:43:23 +04:00
Egor Kislitsyn
6e4de715b3
Add OpenAPI spec for PleromaAPI.EmojiAPIController
2020-05-18 19:28:46 +04:00
Alexander Strizhakov
36abeedf9f
error rename
2020-04-30 16:09:22 +03:00
Alexander Strizhakov
ddb757f743
emoji api packs changes in routes with docs update
2020-04-30 16:09:18 +03:00
Alexander Strizhakov
342f55fb92
refactor emoji api with fixes
2020-04-30 15:45:52 +03:00
Haelwenn (lanodan) Monnier
9172d719cc
profile emojis in User.emoji instead of source_data
2020-04-10 06:20:02 +02:00
Mark Felder
05da5f5cca
Update Copyrights
2020-03-03 16:44:49 -06:00
Ekaterina Vaartis
1fd9c60f87
Fix emoji tags for shareable packs to be "pack:{name}"
2019-09-25 12:34:03 +02:00
Maksim Pechnikov
1a858134ed
Merge branch 'develop' into issue/1218
2019-09-25 12:24:12 +03:00
Maksim Pechnikov
6ef0103ca0
added Emoji struct
2019-08-31 10:14:53 +03:00
Maksim Pechnikov
d8098d142a
added Emoji.Formatter
2019-08-30 22:04:17 +03:00
Maksim
5c90b70733
Apply suggestion to lib/pleroma/emoji/loader.ex
2019-08-30 07:30:54 +03:00