Commit graph

6554 commits

Author SHA1 Message Date
Michael Stanclift 4f6d121b24 Fix trending publishers table not rendering correctly on narrow screens (#25945) 2023-07-21 16:07:24 +02:00
Claire 517c4a8a7a Fix processing of media files with unusual names (#25788) 2023-07-07 19:35:24 +02:00
Claire dca0d8427e Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:35:24 +02:00
Claire ca4b23bf0d
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:49 +02:00
Claire 32e5a9f053
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire 987f909994
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire c02fa93c57
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Vyr Cossont 07f60ffcbb Fix Redis client and type errors introduced in #24285 (#24342) 2023-07-06 13:46:21 +02:00
Vyr Cossont c1467453f6 IndexingScheduler: fetch and import in batches (#24285)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:46:21 +02:00
Emelia Smith 00e65a77df Prevent UserCleanupScheduler from overwhelming streaming (#25519) 2023-07-06 13:46:21 +02:00
Daniel M Brasil f9521bc2b5 Fix incorrect pagination headers in /api/v2/admin/accounts (#25477) 2023-07-06 13:46:21 +02:00
Claire feac95333f Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:46:21 +02:00
Claire bb1e7e112e Fix being able to vote on your own polls (#25015) 2023-07-06 13:46:21 +02:00
Claire e233060ea5 Fix race condition when reblogging a status (#25016) 2023-07-06 13:46:21 +02:00
Claire 3faebae2d1 Change OpenGraph-based embeds to allow fullscreen (#25058) 2023-07-06 13:46:21 +02:00
Claire 95f59da157 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:46:21 +02:00
Claire 6f94b4ae19 Remove invalid X-Frame-Options: ALLOWALL (#25070) 2023-07-06 13:46:21 +02:00
Claire 283184b390 Change Identity to not destroy associated User on destroy (#25098) 2023-07-06 13:46:21 +02:00
Claire d54980ef2d Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-07-06 13:46:21 +02:00
Claire 08579976e0 Fix ArgumentError when loading newer Private Mentions (#25399) 2023-07-06 13:46:21 +02:00
Claire ff3f40a675 Fix multiple N+1s in ConversationsController (#25134) 2023-07-06 13:46:21 +02:00
Claire 0dce749192 Fix user archive takeouts when using OpenStack Swift (#24431) 2023-07-06 13:46:21 +02:00
Claire 55144262d0 Fix unescaped user input in LDAP query (#24379)
Fix CVE-2023-28853
2023-04-04 12:38:58 +02:00
Claire 0f4c908b64 Fix invalid/expired invites being processed on sign-up (#24337) 2023-04-04 12:38:58 +02:00
Claire d25493e262 Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-04-04 12:38:58 +02:00
Claire f90daf58db Add warning for object storage misconfiguration (#24137) 2023-03-16 22:50:15 +01:00
Eugen Rochko a42b48ea4e Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:50:15 +01:00
Claire f036546c22 Fix misleading error code when receiving invalid WebAuthn credentials (#23568) 2023-03-16 12:34:43 +01:00
Claire 9256d653a5 Fix incorrect post links in strikes when the account is remote (#23611) 2023-03-16 12:34:37 +01:00
Jeremy Kescher d0c0808ad4 Add null check on application in dispute viewer (#19851) 2023-03-16 12:33:09 +01:00
Claire cb622b23b1 Fix dashboard crash on ElasticSearch server error (#23751) 2023-03-16 12:31:20 +01:00
Claire a1e765991e Add mail headers to avoid auto-replies (#23597) 2023-03-14 11:46:12 +01:00
Claire 76b9f42712 Add lang tag to native language names in language picker (#23749) 2023-03-14 11:46:12 +01:00
Rodion Borisov a717aa929c Center the text itself in upload area (#24029) 2023-03-14 11:46:12 +01:00
Claire e6f6fe6106 Fix original account being unfollowed on migration before the follow request could be sent (#21957) 2023-03-14 11:46:12 +01:00
Claire 86b1adf7d7 Fix unconfirmed accounts being registered as active users (#23803) 2023-03-14 10:26:38 +01:00
Claire 4beeec4e50 Fix server error when failing to follow back followers from /relationships (#23787) 2023-03-14 10:26:23 +01:00
Claire 3c44ba0411 Fix inefficiency when searching accounts per username in admin interface (#23801) 2023-03-14 10:26:14 +01:00
Dean Bassett 339d4fa61c Fix case-sensitive check for previously used hashtags (#23526) 2023-03-14 10:25:48 +01:00
Claire 62f0eab635 Fix “Remove all followers from the selected domains” being more destructive than it claims (#23805) 2023-03-14 10:25:38 +01:00
Claire a8a3e86216
Fix unbounded recursion in post discovery (#23507)
* Add a limit to how many posts can get fetched as a result of a single request

* Add tests

* Always pass `request_id` when processing `Announce` activities

---------

Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2023-02-10 22:16:47 +01:00
Claire be1caad933
Fix REST API serializer for Account not including moved when the moved account has itself moved (#22483) (#23492)
Instead of cutting immediately, cut after one recursion.
2023-02-09 21:02:09 +01:00
Claire 533bf92d21
Don't delivery a reply to domains which are blocked by author (#22117) (#23490)
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
2023-02-09 21:01:53 +01:00
Claire 6a2b48190c
Log admin approve and reject account (#22088) (#23488)
* Log admin approve and reject account

* Add unit tests for approve and reject logging

Co-authored-by: Francis Murillo <evacuee.overlap.vs3op@aleeas.com>
2023-02-09 21:01:45 +01:00
Claire 6cbc589990
Fix UserCleanupScheduler crash when an unconfirmed account has a moderation note (#23318) (#23487)
* Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note

* Add tests
2023-02-09 21:01:38 +01:00
Claire a2bfb16cb8
Fix crash when marking statuses as sensitive while some statuses are deleted (#22134) (#23486)
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments

* Fix crash when marking statuses as sensitive while some statuses are deleted

Fixes #21910

* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”

* Add tests
2023-02-09 21:01:21 +01:00
Claire cfc0507010
Fix attachments of edited statuses not being fetched (#21565) (#23485)
* Fix attachments of edited statuses not being fetched

* Fix tests
2023-02-09 20:57:31 +01:00
Claire eade64097c
Clear voter count when poll is reset (#21700) (#23484)
When a poll is edited, we reset the poll and remove all previous
votes. However, prior to this commit, the voter count on the poll
was not reset. This leads to incorrect percentages being shown in
poll results.

Fixes #21696

Co-authored-by: afontenot <adam.m.fontenot@gmail.com>
2023-02-09 20:57:24 +01:00
Claire 1f0be21317
Fix some performance issues with /admin/instances (#21907) (#23483)
/admin/instances?availability=failing remains wholly unefficient
2023-02-09 20:57:14 +01:00
Claire 0ca877f084
Fix possible race conditions when suspending/unsuspending accounts (#22363) (#23482)
* Fix possible race conditions when suspending/unsuspending accounts

* Fix tests

Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
suspending/unsuspending themselves, but this has changed.
2023-02-09 20:57:06 +01:00