Commit graph

9192 commits

Author SHA1 Message Date
FloatingGhost ec5db753b9 Prevent elixir compiler from yeeting our modules 2023-08-05 14:03:21 +01:00
mae d868348fac Completely disable xml entity resolution 2023-08-05 12:32:05 +00:00
FloatingGhost 31d7cc9a9c Allow Pleroma.HTTP to connect to raw-HTTP without freaking mint out 2023-08-04 23:51:15 +01:00
FloatingGhost 8670d89316 Remove duplicated path
Fixes #604
2023-08-04 22:39:11 +01:00
FloatingGhost b4399574ca Merge remote-tracking branch 'norm/config-permissions' into develop 2023-08-04 22:31:11 +01:00
Mae 1f54bea564 Prevent XML parser from loading external entities 2023-08-04 22:24:17 +01:00
Haelwenn (lanodan) Monnier 4f57c87be4
instance gen: Reduce permissions of pleroma directories and config files
Original: 69caedc591
2023-08-04 14:13:50 -04:00
Haelwenn (lanodan) Monnier ae03513934
Config: Restrict permissions of OTP config file
Original: 8cc8100120
2023-08-04 14:13:36 -04:00
FloatingGhost 0b2ec0ccee Enable AnonymizeFilenames on all uploads 2023-08-04 15:37:15 +01:00
FloatingGhost 723bd123a0 Correct ordering for block/mutes 2023-08-04 15:18:07 +01:00
FloatingGhost 1dc8cc731c Merge branch 'elixir1.15' into develop 2023-08-04 15:16:14 +01:00
FloatingGhost 64e233ca20 Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
FloatingGhost 2946bf4011 mix format 2023-08-04 12:04:24 +01:00
FloatingGhost fe8c166b8f Remove IO.inspects 2023-08-04 12:01:52 +01:00
Mark Felder 7e45343f81 Resolve information disclosure vulnerability through emoji pack archive download endpoint 2023-08-04 11:34:19 +01:00
FloatingGhost 98cb255d12 Support elixir1.15
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b7.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

FIx some uploader issues

Fix tests
2023-08-03 17:44:09 +01:00
FloatingGhost babb4b9a8f Merge branch 'metadata_webfinger' into develop 2023-08-02 12:05:43 +01:00
FloatingGhost 27cbfb8985 Send a NIL body rather than an empty one with GET/HEAD 2023-08-01 11:26:05 +01:00
Walter Huf 7ff9c356f4 Merge remote-tracking branch 'upstream/develop' into metadata_webfinger 2023-07-27 07:43:17 -07:00
Weblate eba3cce77b Update translation files
Updated by "Squash Git commits" hook in Weblate.

Translation: Pleroma fe/Akkoma Backend (Config Descriptions)
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/
2023-07-27 13:14:05 +00:00
FloatingGhost fa23098093 Merge branch 'develop' into arm 2023-07-27 14:01:11 +01:00
floatingghost 6db8ab7c94 Merge pull request 'Varied selection of Pleroma cherry-picks' (#567) from XxXCertifiedForkliftDriverXxX/akkoma:cherry-picks into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/567
2023-07-27 12:53:56 +00:00
FloatingGhost 34601065c3 Mix format 2023-07-20 17:34:05 +01:00
FloatingGhost 33e7ae7637 Allow nil attachments 2023-07-17 20:03:31 +01:00
FloatingGhost 900b9b0124 Merge branch 'develop' into active-emoji-reactions 2023-07-17 19:45:43 +01:00
FloatingGhost c63ae73bc0 Add embed controller tests 2023-07-17 19:18:21 +01:00
FloatingGhost 16d2bfef80 Ensure embeds will not be served if unauthenticated users could not see it 2023-07-17 18:24:53 +01:00
FloatingGhost c8904f15a2 Correct behaviour of mediaproxy blocklist 2023-07-17 18:17:04 +01:00
FloatingGhost 8fe29bf5d2 Exclude deactivated users from emoji reaction lists 2023-07-17 17:53:03 +01:00
floatingghost 210df6fe92 Merge pull request 'Fix the /embed endpoint' (#540) from mikihau/akkoma:develop into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/540
2023-07-15 20:48:30 +00:00
Mark Felder 5144d6f4ba Add OnlyMedia Upload Filter to simplify restricting uploads to audio, image, and video types
Original: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3897
2023-06-28 01:56:14 +01:00
floatingghost 3e4a279a1b Merge pull request 'Implement blocklists for MediaProxy' (#574) from XxXCertifiedForkliftDriverXxX/akkoma:feature/mediaproxy-blocklist into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/574
2023-06-28 00:54:25 +00:00
XxXCertifiedForkliftDriverXxX 767e1272b3 Use OS CA store for Mint HTTP connections 2023-06-26 15:50:49 +02:00
XxXCertifiedForkliftDriverXxX 07b478dc49 Implement blocklists for MediaProxy 2023-06-26 15:18:31 +02:00
tusooa c0a01e73cf Enforce unauth restrictions for public streaming endpoints 2023-06-14 22:45:19 +00:00
tusooa fee6e2aac4 Fix deleting banned users' statuses 2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier 8669a0abcb UploadedMedia: Increase readability via ~s sigil 2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier 37b0d774fa UploadedMedia: Add missing disposition_type to Content-Disposition
Set it to `inline` because the vast majority of what's sent is multimedia
content while `attachment` would have the side-effect of triggering a
download dialog.

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114
2023-06-14 22:45:19 +00:00
tusooa 3095251e6c Dedupe poll options 2023-06-14 22:45:19 +00:00
tusooa 79a18f761b Allow with_relationships param for blocks 2023-06-14 22:45:19 +00:00
kPherox 8fb235e71b fix: append field values to bio before parsing 2023-06-14 19:44:07 +00:00
kPherox d6271e7613 feat: build rel me tags with profile fields 2023-06-14 19:44:07 +00:00
Alexander Tumin 5adce547d0 Require related object for notifications to filter on content 2023-06-14 19:41:48 +00:00
tusooa 05e80d1879 Fix block_from_stranger setting 2023-06-14 19:41:44 +00:00
tusooa 1268dbc562 Fix type of admin_account.is_confirmed 2023-06-14 19:38:22 +00:00
tusooa 651979217a Fix failure when registering a user with no email when approval required 2023-06-14 19:33:58 +00:00
Mark Felder 997551bac9 Fix TwitterCard meta tags
TwitterCard meta tags are supposed to use the attributes "name" and "content".
OpenGraph tags use the attributes "property" and "content".

Twitter itself is smart enough to detect broken meta tags and discover the TwitterCard
using "property" and "content", but other platforms that only implement parsing of TwitterCards
and not OpenGraph may fail to correctly detect the tags as they're under the wrong attributes.

> "Open Graph protocol also specifies the use of property and content attributes for markup while
> Twitter cards use name and content. Twitter’s parser will fall back to using property and content,
> so there is no need to modify existing Open Graph protocol markup if it already exists." [0]

[0] https://developer.twitter.com/en/docs/twitter-for-websites/cards/guides/getting-started
2023-06-14 19:30:19 +00:00
Tusooa Zhu 7b9cc9a9b0 Exclude Announce instead of restricting to Create in visibility_tags 2023-06-14 17:20:55 +00:00
Tusooa Zhu fd38756e92 Do not stream out Announces to public timelines 2023-06-14 17:20:55 +00:00
Tusooa Zhu 5ef7c15d92 Make local-only posts stream in local timeline 2023-06-14 17:18:26 +00:00
Hélène 3227ebf1e1 CommonFixes: more predictable context generation
`context` fields for objects and activities can now be generated based
on the object/activity `inReplyTo` field or its ActivityPub ID, as a
fallback method in cases where `context` fields are missing for incoming
activities and objects.
2023-06-14 16:22:26 +00:00
Norm b99053d2c2 Reload emoji when using mix pleroma.emoji gen-pack and get-packs
I think it makes more sense that the emoji cache gets reloaded in Akkoma if you add or create emoji packs.
2023-06-04 02:43:18 +00:00
Miki Hau 593ddbd796 fix the /embed endpoint 2023-05-31 23:42:08 +00:00
XxXCertifiedForkliftDriverXxX 1b560d547a Stop exposing if a user blocks you over the API. 2023-05-28 23:42:27 +02:00
Haelwenn (lanodan) Monnier 70b0f93865 Apply oembed patch 2023-05-26 20:45:57 +01:00
FloatingGhost a388d2503e revert uploaded-media 2023-05-26 12:06:41 +01:00
FloatingGhost 7fb9960ccd Add CSP to mediaproxy links 2023-05-26 11:46:18 +01:00
FloatingGhost 9d83a1e23f Add csp 2023-05-26 11:41:22 +01:00
FloatingGhost 8c208f751d Fix filtering out incorrect addresses 2023-05-23 13:46:25 +01:00
FloatingGhost 037f881187 Fix create processing in direct message disabled 2023-05-23 13:16:20 +01:00
FloatingGhost ab34680554 switch to using an enum system for DM acceptance 2023-05-23 10:29:08 +01:00
FloatingGhost d310f99d6a Add MRFs for direct message manipulation 2023-05-22 23:53:44 +01:00
floatingghost f72d773cc3 Merge pull request 'Make UserNote comment default to the empty string.' (#530) from provable_ascent/akkoma:provable_ascent-patch-1 into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/530
2023-05-22 21:33:01 +00:00
floatingghost 3437e11cf7 Merge pull request 'Return empty string in the event of no detected language' (#535) from midnight/akkoma:fix-libretranslate into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/535
2023-05-22 21:30:51 +00:00
floatingghost 6225f24f5f Merge pull request 'Clean up bookmarks after prune_objects' (#544) from ilja/akkoma:clean_up_bookmarks_after_prune_objects into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/544
2023-05-22 21:28:48 +00:00
ilja f49e9e6d4c Clean up bookmarks after prune_objects
When doing prune_objects, it's possible that bookmarked objects are deleted.
This gave problems when fetching the bookmark TL.
Here we clean up the bookmarks during pruning in the case were it's possible that bookmarked objects are deleted.
2023-05-21 13:02:28 +02:00
midnight f1e66b39c7 Return empty string in the event of no detected language 2023-05-08 18:52:19 -04:00
provable_ascent d8bed0ff63 Make UserNote comment default to the empty string.
This make the behavior consistent between when UserNote doesn't exist and when comment is null.

The current behavior may return null in APIs, which misleads some clients doing feature detection into thinking the server does not support comments.
For example, see https://codeberg.org/husky/husky/issues/92
2023-04-27 05:22:12 +00:00
FloatingGhost b86b3a9e29 Support public key URIs that incomprehensibly have GET args
Fixes #528
2023-04-25 13:30:20 +01:00
FloatingGhost f2b4e7f86b Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop 2023-04-14 17:56:56 +01:00
FloatingGhost 522221f7fb Mix format 2023-04-14 17:56:34 +01:00
Atsuko Karagi 1fa3c0b485 Remove support for outdated Create format 2023-04-14 17:46:22 +01:00
Atsuko Karagi d2b0d86471 HTTP signatures respect allowlist federation 2023-04-14 17:46:06 +01:00
FloatingGhost f12d3cce39 ensure only pickable frontends can be returned 2023-04-14 17:42:40 +01:00
floatingghost 8c86a06ed1 Merge pull request 'Remove "default" image description' (#493) from ilja/akkoma:remove_default_image_description into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/493
2023-04-14 16:27:41 +00:00
FloatingGhost 4c9c959bb3 Merge branch 'develop' into frontend-switcher-9000 2023-04-14 16:56:10 +01:00
FloatingGhost 9e8e7cc13e Add note telling people to refresh 2023-04-14 16:55:48 +01:00
FloatingGhost a079ec3a3c in dev, allow dev FE 2023-04-14 16:36:40 +01:00
FloatingGhost 1b2c24a19e fix tests 2023-04-14 15:20:55 +01:00
FloatingGhost 2a8c1f4192 Add extra diagnostic tasks in 2023-03-29 14:11:00 +01:00
FloatingGhost 66d162bb9e Add debug logs to timeline rendering to assist debugging 2023-03-29 12:01:16 +01:00
FloatingGhost d85d1e128a we don't actually need the object on redirect 2023-03-29 11:44:03 +01:00
sadposter 3f340cbc43 Only even attempt to fetch local activities by object_id
TODO: PLEASE FOR THE LOVE OF KANATAN CACHE THIS
2023-03-29 03:32:24 +01:00
FloatingGhost de64c6c54a add selection UI 2023-03-28 12:44:52 +01:00
floatingghost 281c4636fa Merge pull request 'Show bubble_timeline in the api if any instances are set in it' (#502) from foxing/akkoma:foxing-patch-1 into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/502
2023-03-21 10:13:41 +00:00
FloatingGhost dd44387f1a Add timeline visibility options 2023-03-17 15:33:28 +00:00
FloatingGhost fe7045632b also put publicVisibility in preloaded nodeinfo 2023-03-15 22:59:58 +00:00
FloatingGhost 9464d50562 Add publicTimelineVisibility to nodeinfo 2023-03-15 22:13:18 +00:00
foxing bd040fe96a Merge branch 'develop' into foxing-patch-1 2023-03-13 03:41:15 +00:00
foxing ba635e97c8 Use enum empty instead 2023-03-13 03:40:20 +00:00
floatingghost 377d1483b6 Merge pull request 'Apply security patch from pleroma to prevent nested file names being uploaded to the server.' (#507) from foxing/akkoma:foxing-patch-2 into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/507
2023-03-13 00:29:51 +00:00
FloatingGhost 643b8c5f15 ensure we send the right files for preferred fe 2023-03-12 23:59:10 +00:00
FloatingGhost 3d964a9970 Add frontend preference route 2023-03-12 23:24:07 +00:00
foxing c2ae3273d5 Merge branch 'develop' into foxing-patch-2 2023-03-12 19:23:22 +00:00
foxing 3f76de76da Apply Patch 2023-03-12 19:13:56 +00:00
flisk 0c77be9308 don't crash on malformed avatar and banner values
weird values in href will cause base64 encoding to fail later down the
line, so let's make sure the value we're passing on is somewhat sane, or
at the very least a binary

this fixes #482
2023-03-12 18:14:05 +01:00
ilja 6c396fcab4 Remove "default" image description
When no image description is filled in, Pleroma allowed fallbacks.
Those were (based on a setting) either the filename, or a fixed description.
Neither are good options for image descriptions imo, so here we remove this.

Note that there's two tests removed who supposedly tested something else.
But examining closer, they didn't seem to test what they claimed to test,
so I removed them rather than try to "fix" them.
2023-03-12 08:42:33 +01:00
foxing e17d8f744e Merge branch 'develop' into foxing-patch-1 2023-03-11 19:09:14 +00:00
FloatingGhost 70803d7966 Remove mix.env reference 2023-03-11 18:24:44 +00:00
FloatingGhost 5ca22c2459 ensure we can't have a null in appends 2023-03-11 17:24:49 +00:00