Commit graph

35 commits

Author SHA1 Message Date
Oneric 0c2b33458d Restrict media usage to owners
In Mastodon media can only be used by owners and only be associated with
a single post. We currently allow media to be associated with several
posts and until now did not limit their usage in posts to media owners.
However, media update and GET lookup was already limited to owners.
(In accordance with allowing media reuse, we also still allow GET
lookups of media already used in a post unlike Mastodon)

Allowing reuse isn’t problematic per se, but allowing use by non-owners
can be problematic if media ids of private-scoped posts can be guessed
since creating a new post with this media id will reveal the uploaded
file content and alt text.
Given media ids are currently just part of a sequentieal series shared
with some other objects, guessing media ids is with some persistence
indeed feasible.

E.g. sampline some public media ids from a real-world
instance with 112 total and 61 monthly-active users:

  17.465.096  at  t0
  17.472.673  at  t1 = t0 + 4h
  17.473.248  at  t2 = t1 + 20min

This gives about 30 new ids per minute of which most won't be
local media but remote and local posts, poll answers etc.
Assuming the default ratelimit of 15 post actions per 10s, scraping all
media for the 4h interval takes about 84 minutes and scraping the 20min
range mere 6.3 minutes. (Until the preceding commit, post updates were
not rate limited at all, allowing even faster scraping.)
If an attacker can infer (e.g. via reply to a follower-only post not
accessbile to the attacker) some sensitive information was uploaded
during a specific time interval and has some pointers regarding the
nature of the information, identifying the specific upload out of all
scraped media for this timerange is not impossible.

Thus restrict media usage to owners.

Checking ownership just in ActivitDraft would already be sufficient,
since when a scheduled status actually gets posted it goes through
ActivityDraft again, but would erroneously return a success status
when scheduling an illegal post.

Independently discovered and fixed by mint in Pleroma
1afde067b1
2024-05-22 20:30:18 +02:00
Oneric 873aa9da1c activity_draft: mark new/2 as private 2024-05-22 20:18:08 +02:00
FloatingGhost 78c44f31ca fix no-language-specified federation 2023-01-11 15:25:34 +00:00
FloatingGhost f86bf16430 Add language support on /api/v1/statuses 2023-01-10 10:29:17 +00:00
ilja 745e15468e Use same context for quote posts as the post that's being quoted (#379)
See https://akkoma.dev/AkkomaGang/akkoma/pulls/350#issuecomment-6109

When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg>.

An example from Akkoma:

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/379
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-31 18:09:27 +00:00
floatingghost 2641dcdd15 Post editing (#202)
Rebased from #103

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/202
2022-09-06 19:24:02 +00:00
floatingghost 1419eee5df Quote posting (#113)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/113
2022-07-25 16:30:06 +00:00
FloatingGhost cf0ad02ea9 Remove scrobbling support 2022-07-19 15:07:45 +01:00
FloatingGhost 0627da0027 mix format 2022-06-14 16:25:28 +01:00
FloatingGhost 4fb2251221 Allow authoring MFM 2022-06-14 15:56:12 +01:00
Alex Gleason ba6049aa81
Builder.note/1: return {:ok, map(), keyword()} like other Builder functions 2021-08-14 11:24:55 -05:00
Alex Gleason a2eacfc525
CommonAPI.Utils.make_note_data/1 --> ActivityPub.Builder.note/1 2021-08-14 11:01:06 -05:00
Alex Gleason ec65b7ae29 Pleroma.Web.Params --> Pleroma.Web.Utils.Params 2021-06-08 12:50:47 -05:00
Alex Gleason 0877b120c3 Pleroma.Web.ControllerHelper.truthy_param?/1 --> Pleroma.Web.Params.truthy_param?/1
Breaks cycle in lib/pleroma/web/api_spec/operations/status_operation.ex
2021-06-08 12:50:47 -05:00
rinpatch d3660b24d3 Copy emoji in the subject from parent post
Sometimes people put emoji in the subject, which results in the subject
looking broken if someone replies to it from a server that does not
have the said emoji under the same shortcode. This patch solves the problem
by extending the emoji set available in the summary to that of the parent
post.
2021-03-22 21:20:47 +03:00
rinpatch f930e83fa2 Merge branch 'fix/remove_auto_nsfw' into 'develop'
Remove sensitive setting #nsfw

See merge request pleroma/pleroma!3223
2021-03-19 08:48:22 +00:00
Mark Felder b1e1db82bc Store application details in the object under the generator key, not application key 2021-03-01 11:29:10 -06:00
Haelwenn (lanodan) Monnier 3bc7d12271
Remove sensitive-property setting #nsfw, create HashtagPolicy 2021-02-27 21:26:17 +01:00
Mark Felder 3dc7e89c54 Ensure we capture the application details into the object 2021-02-09 18:07:15 -06:00
Haelwenn (lanodan) Monnier c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
Egor Kislitsyn 4f79bbbc31
Add local-only statuses 2020-10-15 18:37:44 +04:00
Alexander Strizhakov 9bf1065a06 schedule activity expiration in Oban 2020-09-10 21:50:40 +03:00
Haelwenn (lanodan) Monnier 27c33f216a
activity_draft: Add source field 2020-06-26 05:48:25 +02:00
Egor Kislitsyn a7627bdc7a
Merge remote-tracking branch 'origin/develop' into global-status-expiration 2020-06-01 15:48:51 +04:00
Egor Kislitsyn 7803a85d2c
Add OpenAPI spec for StatusController 2020-05-13 00:25:21 +04:00
Egor Kislitsyn 764b4f95a8
Merge branch 'develop' into global-status-expiration 2020-04-28 14:13:53 +04:00
Alexander 6e625a427c
reply filtering 2020-04-24 15:43:49 +03:00
Egor Kislitsyn 364eecc49f
Merge branch 'develop' into global-status-expiration 2020-04-20 20:37:56 +04:00
Ivan Tashkinov 2f2bd7fe72 Ability to control the output of account/pleroma/relationship in statuses in order to improve the rendering performance.
See `[:extensions, output_relationships_in_statuses_by_default]` setting and `with_relationships` param.
2020-04-01 19:49:09 +03:00
Egor Kislitsyn d1c7f8e576
Merge remote-tracking branch 'origin/develop' into global-status-expiration 2020-03-12 16:02:24 +04:00
Mark Felder 05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
Egor Kislitsyn 4d459b0e99
Move ActivityExpiration creation from CommonApi.post/2 to ActivityPub.insert/4 2020-02-13 22:27:10 +04:00
rinpatch 374f83d29b Fix not being able to post empty statuses with attachments
Attachment field was filled in after the empty status check
2019-09-28 01:58:06 +03:00
Egor Kislitsyn de3e90e536 Add ActivityDraft.with_valid/2 2019-09-26 10:29:34 +07:00
Egor Kislitsyn eed774d058 Add CommonAPI.ActivityDraft 2019-09-26 10:29:34 +07:00