Commit graph

2055 commits

Author SHA1 Message Date
William Pitcock cf5d1302aa migrations: add is_moderator index for users table 2018-09-03 11:55:12 +00:00
kaniini 3370fab1d0 Merge branch 'security/emoji-xss' into 'develop'
formatter: don't add XSS emoji

See merge request pleroma/pleroma!322
2018-09-02 00:08:56 +00:00
William Pitcock 834515fb51 formatter: don't add XSS emoji 2018-09-02 00:04:09 +00:00
kaniini 3c7280934e Merge branch 'security/activitypub-spoofing' into 'develop'
security: activitypub spoofing

See merge request pleroma/pleroma!321
2018-09-01 23:48:55 +00:00
William Pitcock 03e92977cb transmogrifier: fix peertube/plume actor handling 2018-09-01 23:44:19 +00:00
William Pitcock 303af9ba4c tests: add regression tests 2018-09-01 23:33:10 +00:00
William Pitcock 0b2c051a04 activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor 2018-09-01 23:20:02 +00:00
Haelwenn e4079abab8 Merge branch 'feature/disable-config-management' into 'develop'
config: add ability to disable Pleroma FE config management (closes #276)

Closes #276

See merge request pleroma/pleroma!320
2018-09-01 21:47:35 +00:00
William Pitcock e2ce0e9e05 run mix format. 2018-09-01 21:12:42 +00:00
William Pitcock c921d99898 config: add ability to disable Pleroma FE config management (closes #276) 2018-09-01 21:05:32 +00:00
kaniini 2e2f458705 Merge branch 'lanodan/code-dup_in_mastoapi_search' into 'develop'
Clean code duplication in MastoAPI search(v1/v2)

See merge request pleroma/pleroma!316
2018-09-01 09:12:59 +00:00
kaniini 95abc0eaaa Merge branch 'verify-credentials-default-scope' into 'develop'
Specify default scope in verify_credentials

See merge request pleroma/pleroma!317
2018-09-01 08:48:40 +00:00
Will Pearson 0c2a0e3551 Specify default scope in verify_credentials
Certain Mastodon/Pleroma front ends call verify_credentials to get the
default scope of a new toot.

Currently, Pleroma hardcodes this value to "public".

This patch changes it to the user's default_scope value.
2018-08-31 21:04:46 -07:00
Haelwenn (lanodan) Monnier 8885d16e1b
[Pleroma.Web.MastodonAPI.MastodonAPIController].search(2)?: Remove code duplication 2018-09-01 03:11:58 +02:00
lambda d31bbb1cfe Merge branch 'revert-a26d5e6b' into 'develop'
Revert "Merge branch 'feature/rich-text' into 'develop'"

See merge request pleroma/pleroma!313
2018-08-31 09:53:00 +00:00
lambda 58539e1357 Revert "Merge branch 'feature/rich-text' into 'develop'"
This reverts merge request !309
2018-08-31 09:51:20 +00:00
kaniini 340ab3cb90 Merge branch 'bugfix/s3-configuration' into 'develop'
config: fix up defaults for s3 endpoint configuration

See merge request pleroma/pleroma!312
2018-08-31 04:50:44 +00:00
William Pitcock de5bd6fc65 config: fix up defaults for s3 endpoint configuration 2018-08-31 04:43:15 +00:00
kaniini 03ecbe0456 Merge branch 'update/pleroma-fe-20180831' into 'develop'
update pleroma frontend

See merge request pleroma/pleroma!311
2018-08-31 04:36:04 +00:00
William Pitcock 2b4b4888a9 update pleroma frontend 2018-08-31 04:35:18 +00:00
kaniini d40466c291 Merge branch 'update/pleroma-fe-config-20180831' into 'develop'
config: chase pleroma-fe updates from MR pleroma-fe!324.

See merge request pleroma/pleroma!310
2018-08-31 04:06:18 +00:00
William Pitcock 856b5e1ca4 config: chase pleroma-fe updates from MR pleroma-fe!324. 2018-08-31 04:01:21 +00:00
kaniini a26d5e6b2a Merge branch 'feature/rich-text' into 'develop'
rich text support

See merge request pleroma/pleroma!309
2018-08-31 03:41:00 +00:00
William Pitcock e7871ed05e tests: add tests for evil HTML filtering 2018-08-31 03:34:56 +00:00
William Pitcock 6aa65b68b8 common api: add support for formatting messages outside of twitter-style plain text 2018-08-31 03:13:59 +00:00
kaniini e838969495 Merge branch 'use-media-proxy-in-suggestions-api' into 'develop'
use media proxy for the suggestions api

See merge request pleroma/pleroma!305
2018-08-30 23:06:30 +00:00
kaniini 65e8d47cfb Merge branch 'backendhack' into 'develop'
Flexible Storage Backends

See merge request pleroma/pleroma!304
2018-08-30 23:05:01 +00:00
Thurloat adffad5502 increase uploader behaviour documentation accuracy. 2018-08-30 09:20:29 -03:00
Thurloat af01f0196a Add backend failure handling with :ok | :error so the uploader can handle it.
defaulting to :ok, since that's the currently level of error handling.
2018-08-29 22:07:28 -03:00
William Pitcock 1a70d41f8e migrations: add index creation migration and recipients_to/cc removal migration 2018-08-29 18:41:02 +00:00
William Pitcock 29b5e30c46 activity: drop recipients_to/recipients_cc fields 2018-08-29 18:41:02 +00:00
William Pitcock 038139d641 migrations: drop filler migration 2018-08-29 18:41:02 +00:00
William Pitcock de9acebbf3 activitypub: use jsonb query for containment instead of recipients_to/recipients_cc. 2018-08-29 18:41:02 +00:00
Haelwenn b11746726e Merge branch 'fix-mastodon-notifications-without-nickname' into 'develop'
Fix Mastodon API when actor's nickname is null

See merge request pleroma/pleroma!308
2018-08-29 14:43:45 +00:00
href ddc6f32b75
Fix Mastodon API when actor's nickname is null 2018-08-29 16:32:50 +02:00
William Pitcock cce9d008f9 streamer: contain list updates in the same way as we do with the database query 2018-08-29 09:23:05 +00:00
William Pitcock ded9091206 mastodon api: use bounded AP object graph query to enforce containment of private statuses 2018-08-29 08:51:51 +00:00
William Pitcock 643fae6e36 activitypub: allow querying the activity/object graph bounded to a specific to/cc set 2018-08-29 08:51:23 +00:00
William Pitcock 9cac7c957c test: add testcase proving lists system does not leak non-public posts 2018-08-29 08:50:23 +00:00
William Pitcock 40ea07cd2f migrations: add migration to fill in recipients_to/recipients_cc fields 2018-08-29 08:43:24 +00:00
William Pitcock 81673b8136 activity: add recipients_to and recipients_cc fields 2018-08-29 08:42:33 +00:00
Thurloat d424e9fa5f fix S3 ref in sample config to generate proper path. 2018-08-28 23:49:23 -03:00
Thurloat ab9e5d64d6 add a sample swift config 2018-08-28 22:39:33 -03:00
Thurloat 2ff25ac0ce A hobbldey-working swift client.
apparently, all elixir openstack libraries are trash
luckily, the APIs are stupid easy.
2018-08-28 22:32:24 -03:00
Thurloat 9fc20ed572 works now, tested with profile photo upload on local backend. 2018-08-28 20:04:26 -03:00
Thurloat dad39b24a1 add the behaviour, work on actually making it work. 2018-08-28 19:48:03 -03:00
Haelwenn (lanodan) Monnier 0fd2eaf7af
installation/pleroma.nginx: Add Content-Security-Policy
Closes: https://git.pleroma.social/pleroma/pleroma/issues/266
2018-08-28 20:54:50 +02:00
Thurloat 8d2d7a8859 Implement uploader behaviour
run formatter <#
2018-08-28 09:57:41 -03:00
Hakaba Hitoyo 6cbfb5ab5d use media proxy for suggestions api 2018-08-28 17:01:17 +09:00
Thurloat 0df558a6a5 cleaning up a bit. 2018-08-27 22:45:53 -03:00