mastodon/app/models
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified (#20999)
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that, since #20304, https is required.

* missing do
2022-11-20 19:28:13 +01:00
account Don't allow URLs that contain non-normalized paths to be verified (#20999) 2022-11-20 19:28:13 +01:00
account_suggestions Fix single Redis connection being used across all threads (#18135) 2022-04-28 17:47:34 +02:00
admin Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597) 2022-11-17 11:05:09 +01:00
concerns Fix error when invalid domain name is submitted (#19474) 2022-11-14 08:07:14 +01:00
form Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597) 2022-11-17 11:05:09 +01:00
trends Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
web Add policy param to POST /api/v1/push/subscriptions (#16040) 2021-04-15 05:00:25 +02:00
account.rb Fix trendable status without review (#20214) 2022-11-11 21:24:10 +01:00
account_alias.rb Micro-optimization: only split acct into two Strings (#19901) 2022-11-07 16:17:55 +01:00
account_conversation.rb Fix single Redis connection being used across all threads (#18135) 2022-04-28 17:47:34 +02:00
account_deletion_request.rb Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
account_domain_block.rb Fix crash when saving invalid domain name (#11528) 2019-08-08 23:04:19 +02:00
account_filter.rb Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
account_migration.rb Skip Webfinger cache during migrations as well (#19883) 2022-11-07 03:31:38 +01:00
account_moderation_note.rb Update dependencies for Ruby (2018-04-23) (#7237) 2018-04-23 11:29:17 +02:00
account_note.rb Fix AccountNote not having a maximum length (#16942) 2021-11-06 00:12:25 +01:00
account_pin.rb Add API endpoint to list featured accounts (fixes #8315) (#8317) 2018-08-20 18:46:04 +02:00
account_stat.rb Fix follower and other counters being able to go negative (#18517) 2022-05-26 20:32:48 +02:00
account_statuses_cleanup_policy.rb Micro-optimization: use if/else instead of Array#compact and Array#min (#19906) 2022-11-08 03:50:47 +01:00
account_statuses_filter.rb Fix performance of account timelines (#17709) 2022-03-08 09:14:39 +01:00
account_suggestions.rb Change auto-following admin-selected accounts, show in recommendations (#16078) 2021-04-24 17:01:43 +02:00
account_summary.rb Fix FollowRecommendationsScheduler failing because of unpopulated views (#16189) 2021-05-09 10:39:29 +02:00
account_warning.rb Add audit log entries for user roles (#19040) 2022-08-25 20:39:40 +02:00
account_warning_preset.rb Add titles to warning presets in admin UI (#13252) 2020-03-12 17:57:59 +01:00
admin.rb Add logging of admin actions (#5757) 2017-11-24 02:05:53 +01:00
announcement.rb Change admin announcement edition interface to use datetime-local (#18321) 2022-10-28 12:56:32 +02:00
announcement_filter.rb Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
announcement_mute.rb Add announcements (#12662) 2020-01-23 22:00:13 +01:00
announcement_reaction.rb Add announcements (#12662) 2020-01-23 22:00:13 +01:00
appeal.rb Add audit log entries for user roles (#19040) 2022-08-25 20:39:40 +02:00
application_record.rb Fix records not being indexed sometimes (#12024) 2019-10-01 01:19:11 +02:00
backup.rb Add announcements (#12662) 2020-01-23 22:00:13 +01:00
block.rb Store URIs of follows, follow requests and blocks for ActivityPub (#7160) 2018-05-04 21:14:34 +02:00
bookmark.rb Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) (#16915) 2021-11-18 22:02:08 +01:00
canonical_email_block.rb Add admin API for managing canonical e-mail blocks (#19067) 2022-08-28 03:31:54 +02:00
content_retention_policy.rb Add retention policy for cached content and media (#19232) 2022-09-27 03:08:19 +02:00
context.rb
conversation.rb Revert "Remove conversation URI (#11423)" (#11424) 2019-07-28 17:47:37 +02:00
conversation_mute.rb Update dependencies for Ruby (2018-04-23) (#7237) 2018-04-23 11:29:17 +02:00
custom_emoji.rb Fix metadata scrubbing removing color profile from images (#20389) 2022-11-11 09:20:10 +01:00
custom_emoji_category.rb Add batch actions and categories to admin UI for custom emojis (#11793) 2019-09-09 22:44:17 +02:00
custom_emoji_filter.rb Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
custom_filter.rb Add ability to filter individual posts (#18945) 2022-08-25 04:27:47 +02:00
custom_filter_keyword.rb Change how hashtags are normalized (#18795) 2022-07-13 15:03:28 +02:00
custom_filter_status.rb Add ability to select all accounts matching search for batch actions (#19053) 2022-08-25 23:33:34 +02:00
device.rb Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
domain_allow.rb Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597) 2022-11-17 11:05:09 +01:00
domain_block.rb Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597) 2022-11-17 11:05:09 +01:00
email_domain_block.rb Add admin API for managing e-mail domain blocks (#19066) 2022-08-28 03:37:55 +02:00
encrypted_message.rb Fix single Redis connection being used across all threads (#18135) 2022-04-28 17:47:34 +02:00
export.rb Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
extended_description.rb Change about page to be mounted in the web UI (#19345) 2022-10-13 14:42:37 +02:00
favourite.rb Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) (#16915) 2021-11-18 22:02:08 +01:00
featured_tag.rb Improve performance by avoiding regex construction (#20215) 2022-11-10 05:49:30 +01:00
feed.rb allow pagination by min_id and max_id (#14776) 2020-09-12 17:09:49 +02:00
follow.rb Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
follow_recommendation.rb Fix FollowRecommendationsScheduler failing because of unpopulated views (#16189) 2021-05-09 10:39:29 +02:00
follow_recommendation_filter.rb Fix single Redis connection being used across all threads (#18135) 2022-04-28 17:47:34 +02:00
follow_recommendation_suppression.rb Add cold-start follow recommendations (#15945) 2021-04-12 12:37:14 +02:00
follow_request.rb Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
home_feed.rb Fix rubocop config and warnings (#15503) 2021-01-07 09:40:55 +01:00
identity.rb Change identities id column to a bigint (#9371) 2018-11-27 13:56:25 +01:00
import.rb Fix follow limit preventing re-following of a moved account (#14207) 2020-12-18 09:18:31 +01:00
instance.rb Add audit log entries for user roles (#19040) 2022-08-25 20:39:40 +02:00
instance_filter.rb Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
invite.rb Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
invite_filter.rb Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
ip_block.rb Fix IP blocks not having a unique index (#19456) 2022-10-25 21:43:44 +02:00
list.rb Improve account deletion performances further (#15407) 2020-12-22 23:57:46 +01:00
list_account.rb Add ability to add oneself to lists (#12271) 2019-11-04 13:02:01 +01:00
list_feed.rb Fix rubocop config and warnings (#15503) 2021-01-07 09:40:55 +01:00
login_activity.rb Add authentication history (#16408) 2021-06-21 17:07:30 +02:00
marker.rb Add timeline read markers API (#11762) 2019-09-06 13:55:51 +02:00
media_attachment.rb Fix image type not being set after conversion for convertible image types (#20624) 2022-11-14 07:13:14 +01:00
mention.rb Improve support for aspects/circles (#8950) 2018-10-17 17:13:04 +02:00
message_franking.rb Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
mute.rb Add duration parameter to muting. (#13831) 2020-10-13 01:01:14 +02:00
notification.rb Add notifications for new reports (#18697) 2022-06-27 09:30:15 +02:00
one_time_key.rb Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
poll.rb Fix regression in tootctl search deploy caused by unloaded attribute (#18514) 2022-05-26 18:05:47 +02:00
poll_vote.rb Add optimistic lock to avoid race conditions when handling votes (#10196) 2019-03-06 19:53:57 +01:00
preview_card.rb Fix metadata scrubbing removing color profile from images (#20389) 2022-11-11 09:20:10 +01:00
preview_card_provider.rb Fix metadata scrubbing removing color profile from images (#20389) 2022-11-11 09:20:10 +01:00
preview_card_trend.rb Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
privacy_policy.rb Fix privacy policy being empty if custom setting exists but is empty (#19318) 2022-10-08 08:34:00 +02:00
public_feed.rb Revert filtering public timelines by locale by default (#20294) 2022-11-10 05:34:42 +01:00
relationship_filter.rb Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
relay.rb Fix enable/disable relay failures (#13535) 2020-04-23 22:04:18 +02:00
remote_follow.rb Remove dependency on goldfinger gem (#14919) 2020-10-08 00:34:57 +02:00
report.rb Fix notifications about deleted reports not being also deleted (#19475) 2022-10-27 02:10:54 +02:00
report_filter.rb Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
report_note.rb Fix scope latest of ReportNote (#9630) 2018-12-26 06:38:59 +01:00
rule.rb Fix rules with same priority being sorted non-deterministically (#20623) 2022-11-14 06:28:19 +01:00
scheduled_status.rb Fix deleting a scheduled status immediately deleting media attachments (#9728) 2019-01-06 16:38:40 +01:00
search.rb
session_activation.rb Add Ruby 3.0 support (#16046) 2021-05-06 14:22:54 +02:00
setting.rb Use Rails' index_by where it makes sense (#15542) 2021-01-12 09:27:38 +01:00
site_upload.rb Fix metadata scrubbing removing color profile from images (#20389) 2022-11-11 09:20:10 +01:00
status.rb Fix reblogs being discarded after the reblogged status (#19731) 2022-11-04 16:31:44 +01:00
status_edit.rb Add ability to view previous edits of a status in admin UI (#19462) 2022-10-26 13:42:29 +02:00
status_pin.rb Add feature to automatically delete old toots (#16529) 2021-08-09 23:11:50 +02:00
status_stat.rb Fix follower and other counters being able to go negative (#18517) 2022-05-26 20:32:48 +02:00
status_trend.rb Fix trending statuses returning more than one post by the same author (#19349) 2022-10-14 01:44:23 +02:00
system_key.rb Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
tag.rb Improve performance by avoiding regex construction (#20215) 2022-11-10 05:49:30 +01:00
tag_feed.rb Revert filtering public timelines by locale by default (#20294) 2022-11-10 05:34:42 +01:00
tag_follow.rb Add ability to follow hashtags (#18809) 2022-07-17 13:49:29 +02:00
tombstone.rb Record deleted (by mod) status to prevent re-appear (#10732) 2019-05-09 22:03:02 +02:00
trends.rb Fix missing skip_review? (#19335) 2022-10-10 08:03:19 +02:00
unavailable_domain.rb Add audit log entries for user roles (#19040) 2022-08-25 20:39:40 +02:00
user.rb Change automatic post deletion configuration to be accessible to redirected users (#20774) 2022-11-17 10:55:23 +01:00
user_invite_request.rb Add "why do you want to join" field to invite requests (#10524) 2019-04-09 23:06:30 +09:00
user_ip.rb Remove IP tracking columns from users table (#16409) 2022-01-16 13:23:50 +01:00
user_role.rb Add audit log entries for user roles (#19040) 2022-08-25 20:39:40 +02:00
web.rb
webauthn_credential.rb Fix validates :sign_count of WebauthnCredential (#14806) 2020-09-16 20:16:46 +02:00
webhook.rb Add administrative webhooks (#18510) 2022-06-09 21:57:36 +02:00