Commit graph

775 commits

Author SHA1 Message Date
Claire a1c7aae28a
Merge pull request from GHSA-xjvf-fm67-4qc3 2024-07-04 16:45:52 +02:00
Claire 122740047a
Merge pull request from GHSA-vp5r-5pgw-jwqx
* Fix streaming sessions not being closed when revoking access to an app

* Add tests for GHSA-7w3c-p9j8-mq3x
2024-07-04 16:11:28 +02:00
David Roetzel 6cf83a2a64 Improve encoding detection for link cards (#30780) 2024-07-03 11:13:40 +02:00
Eugen Rochko 2a5819e8bb Change search modifiers to be case-insensitive (#30865) 2024-07-03 11:13:40 +02:00
Claire ba240cea0c Normalize language code of incoming posts (#30403) 2024-05-29 15:31:34 +02:00
Tim Rogers a6089cdfca Fixed crash when supplying FFMPEG_BINARY environment variable (#30022) 2024-05-17 12:30:07 +02:00
Claire d807b3960e
Merge pull request from GHSA-7w3c-p9j8-mq3x
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2024-02-14 15:15:34 +01:00
Claire 5799bc4af7
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to v4.1.13
2024-02-01 15:56:46 +01:00
Claire 9292d998fe Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:06 +01:00
MitarashiDango 4c5575e8e0 Fix Undo Announce activity is not sent, when not followed by the reblogged post author (#18482)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-01-24 15:31:06 +01:00
Claire 803e15a3cf Fix incoming status creation date not being restricted to standard ISO8601 (#27655) 2023-12-04 15:28:02 +01:00
Claire 1210524a3d Fix processing LDSigned activities from actors with unknown public keys (#27474) 2023-12-04 15:28:02 +01:00
Jakob Gillich 45669ac5e6 Fix importer returning negative row estimates (#27258) 2023-10-10 13:51:56 +02:00
Claire 5d93c5f019
Fix post translation erroring out (v4.1.x) (#26990) 2023-09-20 15:59:57 +02:00
Claire d6c0ae995c Fix post edits not being forwarded as expected (#26936) 2023-09-19 17:01:44 +02:00
Claire 5fd89e53d2 Fix moderator rights inconsistencies (#26729) 2023-09-19 17:01:44 +02:00
Claire 5caade9fb0 Fix crash when encountering invalid URL (#26814) 2023-09-19 17:01:44 +02:00
Nicolai Søborg 21bf42bca1 Fix frame_rate for videos where ffprobe reports 0/0 (#26500) 2023-09-19 17:01:44 +02:00
Claire 48ee3ae13d
Merge pull request from GHSA-v3xf-c9qf-j667 2023-09-19 16:53:58 +02:00
Emelia Smith cf80d54cba Allow reports with long comments from remote instances, but truncate (#25028) 2023-09-05 19:16:09 +02:00
Claire 86afbf25d0 Change text extraction in PlainTextFormatter to be faster (#26727) 2023-09-05 19:16:09 +02:00
Claire 6c321bb5e1 Fix incorrect connect timeout in outgoing requests (#26116) 2023-07-31 14:33:06 +02:00
Claire d94a2c8aca Change request timeout handling to use a longer deadline (#26055) 2023-07-21 16:07:43 +02:00
Claire f2bbac3f9f Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 19:37:21 +02:00
Claire 32ebeed59b
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:50 +02:00
Claire e75ad1de0f
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire a3d69a2c5d Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713) 2023-07-06 13:45:40 +02:00
Claire 210ff36860 Change AccessTokensVacuum to also delete expired tokens (#24868) 2023-07-06 13:45:40 +02:00
Claire 99c2bbbec9 Change profile updates to be sent to recently-mentioned servers (#24852) 2023-07-06 13:45:40 +02:00
Claire f962e83856 Change OpenGraph-based embeds to allow fullscreen (#25058) 2023-07-06 13:45:40 +02:00
Claire b3cbcd7447 Fix “Authorized applications” inefficiently and incorrectly getting last use date (#25060) 2023-07-06 13:45:40 +02:00
Claire 6a7b91a038 Add warning for object storage misconfiguration (#24137) 2023-03-16 22:48:42 +01:00
Claire 0363064501 Fix dashboard crash on ElasticSearch server error (#23751) 2023-03-16 11:45:01 +01:00
Christian Schmidt 3f2e31800e Unescape HTML entities (#24019) 2023-03-13 18:45:42 +01:00
Claire 0c9eac80d8
Fix unbounded recursion in post discovery (#23506)
* Add a limit to how many posts can get fetched as a result of a single request

* Add tests

* Always pass `request_id` when processing `Announce` activities

---------

Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2023-02-10 22:16:37 +01:00
Nick Schonning 0592937264
Apply Rubocop Rails/WhereNot (#23448)
* Apply Rubocop Rails/WhereNot

* Update spec for where.not
2023-02-08 10:39:57 +01:00
Nick Schonning 0d1f192c54
Apply Rubocop Performance/BlockGivenWithExplicitBlock (#23441)
* Apply Rubocop Performance/BlockGivenWithExplicitBlock

* Unprefix used block parameter
2023-02-08 10:36:23 +01:00
Nick Schonning 203739dd3a
Apply Rubocop Performance/StringIdentifierArgument (#23444) 2023-02-08 02:36:20 +01:00
Nick Schonning ef8988aef2
Apply Rubocop Performance/DoubleStartEndWith (#23442) 2023-02-08 10:06:48 +09:00
Nick Schonning ed570050c6
Autofix Rails/EagerEvaluationLogMessage (#23429)
* Autofix Rails/EagerEvaluationLogMessage

* Update spec for debug block syntax
2023-02-07 03:44:36 +01:00
Eugen Rochko 4c919812b9
Change number of stored items in home feed from 400 to 800 (#23349) 2023-02-01 11:24:22 +01:00
Claire 41517a4845
Fix spurious admin dashboard warning when using ElasticSearch 7.x (#23064)
Some 7.x ElasticSearch versions support some 6.x nodes, thus the version check
is inadequate. I am not sure there is a good way to check if a server
implements all the 7.x APIs, so check server version and minimum wire version
instead.
2023-01-18 16:21:48 +01:00
Markus Unterwaditzer 0c689b9d01
fix: allow verification when page size exceeds 1MB (using HTML5 parser) (#22879)
* fix: allow verification when page size exceeds 1MB
Truncates the page after 1MB instead

Closes #15316

* switch to HTML5 parser, fix rubocop errors

* undo rubocop fixes

Co-authored-by: Chris Zubak-Skees <chriszs@gmail.com>
2023-01-11 21:59:13 +01:00
Kaspar V ae62e5fa53
Fix/remove calling private method with send in model (#22951)
* fix(status): remove send usage for private unlink_from_conversations

- make unlink_from_conversations public method
- rename unlink_from_conversations to unlink_from_conversations!
- fix send call on private method in statuses_vacuum and batched_remove_status_service

* fix(feeds_vacuum): replace find_in_batches with in_batches

because active record query results should be a little more efficient than
itterating with map and each. Postgres can grasp such lists of ids much quicker
than ruby can.
Will probably make allmost no difference, but cannot hurt either.
2023-01-11 21:57:24 +01:00
Vyr Cossont 06f979098c
Check OpenSearch compatibility version instead of regular version (#22422)
Fixes #18535.
2023-01-05 13:44:31 +01:00
Jeong Arm fdd1facba1
Fix home TL could contain post from who blocked me (#22849)
* Fix home tl contains post from who blocked me

* Add test

* Fix feed_manager's build_crutches

blocked_by was not includes status' owner

* Add test for status from I blocked

* Fix typo
2023-01-05 13:30:38 +01:00
Claire d13702ac06
Fix status cache hydration discrepancy (#19879) 2022-12-15 18:55:55 +01:00
Claire 673c54f114
Fix inability to use local LibreTranslate without setting ALLOWED_PRIVATE_ADDRESSES (#21926)
Fixes #20029
2022-12-15 17:04:38 +01:00
s0 52540771b0
Fix crash in elasticsearch_check.rb (#21006)
Nil unwrap causes the admin dashboard to crash/500 when the Chewy client info version number value is nil.
This occurs when running another ES-compatible backend such as MeiliSearch.
Obviously it would be good for chewy to recognise upstream but at least avoiding the crash would be fine.
2022-12-15 15:56:48 +01:00
Jeong Arm e8cc63105f
Don't delivery a reply to domains which are blocked by author (#22117)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-12-15 15:52:06 +01:00