fedi/akkoma
1
0
Fork 0
mirror of https://akkoma.dev/AkkomaGang/akkoma.git synced 2024-11-08 17:34:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
15804 commits 26 branches 107 tags 316 MiB
Commit graph

52 commits

Author SHA1 Message Date
Oneric ddd79ff22d Proactively harden emoji pack against path traversal 
No new path traversal attacks are known. But given the many entrypoints
and code flow complexity inside pack.ex, it unfortunately seems
possible a future refactor or addition might reintroduce one.
Furthermore, some old packs might still contain traversing path entries
which could trigger undesireable actions on rename or delete.

To ensure this can never happen, assert safety during path construction.

Path.safe_relative was introduced in Elixir 1.14, but
fortunately, we already require at least 1.14 anyway.
 2024-03-18 22:33:10 -01:00
Oneric d1c4d07404 Convert StealEmoji to pack.json 
This will decouple filenames from shortcodes and
allow more image formats to work instead of only
those included in the auto-load glob. (Albeit we
still saved other formats to disk, wasting space)

Furthermore, this will allow us to make
final URL paths infeasible to predict.
 2024-03-18 22:33:10 -01:00
Oneric fa98b44acf Fill out path for newly created packs 
Before this was only filled on loading the pack again,
preventing the created pack from being used directly.
 2024-03-18 22:33:10 -01:00
FloatingGhost 1dc8cc731c Merge branch 'elixir1.15' into develop 2023-08-04 15:16:14 +01:00
FloatingGhost fe8c166b8f Remove IO.inspects 2023-08-04 12:01:52 +01:00
Mark Felder 7e45343f81 Resolve information disclosure vulnerability through emoji pack archive download endpoint 2023-08-04 11:34:19 +01:00
FloatingGhost 98cb255d12 Support elixir1.15 
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b7.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

FIx some uploader issues

Fix tests
 2023-08-03 17:44:09 +01:00
sfr 20cd8a0fc4 URL encode remote emoji pack names (#362) 
fix #246

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/362
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
 2023-01-15 18:14:04 +00:00
floatingghost 07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371) 
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371
 2022-12-14 12:38:48 +00:00
floatingghost 405406601f Fix emoji qualification (#124) 
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/124
 2022-07-28 12:02:36 +00:00
floatingghost 364b6969eb Use finch everywhere (#33) 
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/33
 2022-07-04 16:30:38 +00:00
a1batross 31b9034a27 emoji/loader.ex: be more verbose about which emoji pack config is loading now 
To avoid issue when one of the hundred JSON files is malformed and
administrator don't know which one
 2021-12-17 14:15:44 +00:00
Haelwenn (lanodan) Monnier a17910a6c6
CI: Bump lint stage to elixir-1.12 
Elixir 1.12 changed formatting rules, this allows to avoid having to rollback to run `mix format`
 2021-10-06 08:11:05 +02:00
Alex Gleason 51a9f97e87
Deprecate Pleroma.Web.base_url/0 
Use Pleroma.Web.Endpoint.url/0 directly instead. Reduces compiler cycles.
 2021-05-31 16:48:03 -05:00
Mark Felder bf9cd4a0e2 Standardize the way we capture and use Mix.env() 2021-02-04 10:13:03 -06:00
Mark Felder 887db076b5 Load an emoji.txt specific to the test env 2021-02-03 16:40:59 -06:00
Haelwenn (lanodan) Monnier c4439c630f
Bump Copyright to 2021 
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
 2021-01-13 07:49:50 +01:00
Roger Braun 48cd336a72 allow external emoji 2021-01-06 10:13:01 -06:00
lain 95a9bdfc37 Tests: Use NullCache for async tests. 
Caching can't work in async tests, so for them it is mocked to a
null cache that is always empty. Synchronous tests are stubbed
with the real Cachex, which is emptied after every test.
 2020-12-18 19:53:19 +01:00
lain 713612c377 Cachex: Make caching provider switchable at runtime. 
Defaults to Cachex.
 2020-12-18 17:44:46 +01:00
Maksim Pechnikov e1d25bad0c fix tests 2020-11-16 21:45:37 +03:00
Maksim Pechnikov 1830b6aae5 added error messages for posix error code 2020-11-13 15:21:59 +03:00
Ekaterina Vaartis 8f00d90f91 Use Pleroma.HTTP instead of Tesla 
Closes #2275

As discovered in the issue, captcha used Tesla.get instead of
Pleroma.HTTP. I've also grep'ed the repo and changed the other place
where this was used.
 2020-11-01 12:05:39 +03:00
Mark Felder 8539e386c3 Add missing Copyright headers 2020-10-12 12:00:50 -05:00
Alexander Strizhakov 8c6ec4c111
pack routes change 2020-09-24 09:16:14 +03:00
Alexander Strizhakov dbbc801667
pagination for remote emoji packs 2020-09-24 09:12:39 +03:00
Alexander Strizhakov 9b6d89ff8c
support for special chars in pack name 2020-09-24 09:12:37 +03:00
Maksim 489a107cf4 Apply 1 suggestion(s) to 1 file(s) 2020-09-13 11:54:15 +00:00
Maksim b267b751d4 Apply 1 suggestion(s) to 1 file(s) 2020-08-25 05:38:25 +00:00
Maksim Pechnikov 14ec12ac95 added tests 2020-08-24 15:01:45 +03:00
Maksim Pechnikov f5845ff033 upload emoji zip file 2020-08-22 10:42:02 +03:00
Mark Felder d23804f191 Use the Pleroma.Config alias 2020-07-09 10:53:51 -05:00
Alexander Strizhakov aae1af8cf1
fix for emoji pagination in pack show 2020-06-24 18:06:30 +03:00
Alexander Strizhakov 1a704e1f1e
fix for packs pagination 2020-06-20 10:56:28 +03:00
Alexander Strizhakov 3e3f9253e6
adding overall count for packs and files 2020-06-19 10:17:24 +03:00
Alexander Strizhakov 4975ed86bc
emoji pagination for pack show action 2020-06-18 18:50:03 +03:00
Alexander Strizhakov 3becdafd33
emoji packs pagination 2020-06-18 14:32:21 +03:00
Mark Felder 95f6240889 Fix minor spelling error 2020-05-27 14:34:37 -05:00
Egor Kislitsyn 8bde8dfec2
Cleanup Pleroma.Emoji.Pack 2020-05-18 19:43:23 +04:00
Egor Kislitsyn 6e4de715b3
Add OpenAPI spec for PleromaAPI.EmojiAPIController 2020-05-18 19:28:46 +04:00
Alexander Strizhakov 36abeedf9f
error rename 2020-04-30 16:09:22 +03:00
Alexander Strizhakov ddb757f743
emoji api packs changes in routes with docs update 2020-04-30 16:09:18 +03:00
Alexander Strizhakov 342f55fb92
refactor emoji api with fixes 2020-04-30 15:45:52 +03:00
Haelwenn (lanodan) Monnier 9172d719cc
profile emojis in User.emoji instead of source_data 2020-04-10 06:20:02 +02:00
Mark Felder 05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
Ekaterina Vaartis 1fd9c60f87 Fix emoji tags for shareable packs to be "pack:{name}" 2019-09-25 12:34:03 +02:00
Maksim Pechnikov 1a858134ed Merge branch 'develop' into issue/1218 2019-09-25 12:24:12 +03:00
Maksim Pechnikov 6ef0103ca0 added Emoji struct 2019-08-31 10:14:53 +03:00
Maksim Pechnikov d8098d142a added Emoji.Formatter 2019-08-30 22:04:17 +03:00
Maksim 5c90b70733 Apply suggestion to lib/pleroma/emoji/loader.ex 2019-08-30 07:30:54 +03:00