forked from fedi/mastodon
mastodon/spec/models
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified (#20999)
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that https is required since #20304.

* missing do
2022-11-20 19:28:13 +01:00
account Don't allow URLs that contain non-normalized paths to be verified (#20999) 2022-11-20 19:28:13 +01:00
admin Add customizable user roles (#18641) 2022-07-05 02:41:40 +02:00
concerns Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
trends Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
web Fix various typos (#17621) 2022-02-22 20:14:17 +01:00
account_alias_spec.rb Add account migration UI (#11846) 2019-09-19 20:58:19 +02:00
account_conversation_spec.rb Add conversations API (#8832) 2018-10-07 23:44:58 +02:00
account_deletion_request_spec.rb Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
account_domain_block_spec.rb
account_filter_spec.rb Add batch suspend for accounts in admin UI (#17009) 2021-12-05 21:48:39 +01:00
account_migration_spec.rb Add account migration UI (#11846) 2019-09-19 20:58:19 +02:00
account_moderation_note_spec.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
account_spec.rb Fix typos (#19849) 2022-11-08 17:32:03 +01:00
account_statuses_cleanup_policy_spec.rb Fix some flaky tests that randomly failed because of item ordering (#17509) 2022-02-10 22:00:10 +01:00
account_statuses_filter_spec.rb Fix performance of account timelines (#17709) 2022-03-08 09:14:39 +01:00
announcement_mute_spec.rb Add announcements (#12662) 2020-01-23 22:00:13 +01:00
announcement_reaction_spec.rb Add announcements (#12662) 2020-01-23 22:00:13 +01:00
announcement_spec.rb Add announcements (#12662) 2020-01-23 22:00:13 +01:00
appeal_spec.rb Add appeals (#17364) 2022-02-14 21:27:53 +01:00
backup_spec.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
block_spec.rb
canonical_email_block_spec.rb Add canonical e-mail blocks for suspended accounts (#16049) 2021-04-17 03:14:25 +02:00
conversation_mute_spec.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
conversation_spec.rb Revert "Remove conversation URI (#11423)" (#11424) 2019-07-28 17:47:37 +02:00
custom_emoji_category_spec.rb Add categories for custom emojis (#11196) 2019-06-28 15:54:10 +02:00
custom_emoji_filter_spec.rb Fix error when passing unknown filter param in REST API (#20626) 2022-11-14 08:06:06 +01:00
custom_emoji_spec.rb Make custom emoji domains case insensitive #9351 (#9474) 2018-12-11 05:30:57 +01:00
custom_filter_keyword_spec.rb Revamp post filtering system (#18058) 2022-06-28 09:42:13 +02:00
custom_filter_spec.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
device_spec.rb Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
domain_allow_spec.rb Add whitelist mode (#11291) 2019-07-30 11:10:46 +02:00
domain_block_spec.rb Allow blocking TLDs, and fix TLD blocks not being editable (#12805) 2020-01-08 22:42:05 +01:00
email_domain_block_spec.rb Change e-mail domain blocks to match subdomains of blocked domains (#18979) 2022-08-24 19:00:55 +02:00
encrypted_message_spec.rb Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
export_spec.rb Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
favourite_spec.rb
featured_tag_spec.rb Add featured hashtags to profiles (#9755) 2019-02-04 04:25:59 +01:00
follow_recommendation_suppression_spec.rb Add cold-start follow recommendations (#15945) 2021-04-12 12:37:14 +02:00
follow_request_spec.rb Add ability to filter followed accounts' posts by language (#19095) 2022-09-20 23:51:21 +02:00
follow_spec.rb Fix follow limit preventing re-following of a moved account (#14207) 2020-12-18 09:18:31 +01:00
home_feed_spec.rb Fix single Redis connection being used across all threads (#18135) 2022-04-28 17:47:34 +02:00
identity_spec.rb Add spec for Identity.find_for_oauth (#9441) 2018-12-06 17:38:49 +09:00
import_spec.rb Fix follow limit preventing re-following of a moved account (#14207) 2020-12-18 09:18:31 +01:00
invite_spec.rb Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
ip_block_spec.rb Add IP-based rules (#14963) 2020-10-12 16:33:49 +02:00
list_account_spec.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
list_spec.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
login_activity_spec.rb Add authentication history (#16408) 2021-06-21 17:07:30 +02:00
marker_spec.rb Add timeline read markers API (#11762) 2019-09-06 13:55:51 +02:00
media_attachment_spec.rb Change max. thumbnail dimensions to 640x360px (360p) (#19619) 2022-11-01 13:01:39 +01:00
mention_spec.rb
mute_spec.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
notification_spec.rb Improved performance of notification preloading (#15640) 2021-01-31 21:24:57 +01:00
one_time_key_spec.rb Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
poll_spec.rb Add polls (#10111) 2019-03-03 22:18:23 +01:00
poll_vote_spec.rb Implement pending tests (#11415) 2019-07-27 10:24:26 +02:00
preview_card_spec.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
preview_card_trend_spec.rb Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
public_feed_spec.rb Refactor and improve tests (#17386) 2022-01-28 00:46:42 +01:00
relationship_filter_spec.rb Fix followings list order | Issue #13538 (#13676) 2020-05-08 20:17:16 +02:00
relay_spec.rb
remote_follow_spec.rb Fix uncaught domain normalization error in remote follow (#11703) 2019-08-30 02:19:17 +02:00
report_filter_spec.rb
report_spec.rb Change how changes to media attachments are stored for edits (#17696) 2022-03-09 09:06:17 +01:00
rule_spec.rb Add server rules (#15769) 2021-02-21 19:50:12 +01:00
scheduled_status_spec.rb Add scheduled statuses (#9706) 2019-01-05 12:43:28 +01:00
session_activation_spec.rb Add Ruby 3.0 support (#16046) 2021-05-06 14:22:54 +02:00
setting_spec.rb Update Mastodon to Rails 6.1 (#15910) 2021-03-24 10:44:31 +01:00
site_upload_spec.rb
status_edit_spec.rb Add support for editing for published statuses (#16697) 2022-01-19 22:37:27 +01:00
status_pin_spec.rb Add support for private pinned posts (#16954) 2022-01-17 00:49:55 +01:00
status_spec.rb Change public timelines to be filtered by current locale by default (#19291) 2022-10-05 03:48:06 +02:00
status_stat_spec.rb Extract counters from accounts table to account_stats table (#9295) 2018-11-19 00:43:52 +01:00
status_trend_spec.rb Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
system_key_spec.rb Add E2EE API (#13820) 2020-06-02 19:24:53 +02:00
tag_feed_spec.rb Fix typo in tag_feed_spec.rb (#16466) 2021-07-05 19:16:21 +02:00
tag_follow_spec.rb Add ability to follow hashtags (#18809) 2022-07-17 13:49:29 +02:00
tag_spec.rb Change how hashtags are normalized (#18795) 2022-07-13 15:03:28 +02:00
unavailable_domain_spec.rb Change delivery failure tracking to work with hostnames instead of URLs (#13437) 2020-04-15 20:33:24 +02:00
user_invite_request_spec.rb Add "why do you want to join" field to invite requests (#10524) 2019-04-09 23:06:30 +09:00
user_role_spec.rb Add customizable user roles (#18641) 2022-07-05 02:41:40 +02:00
user_spec.rb Add customizable user roles (#18641) 2022-07-05 02:41:40 +02:00
webauthn_credentials_spec.rb Fix validates :sign_count of WebauthnCredential (#14806) 2020-09-16 20:16:46 +02:00
webhook_spec.rb Add administrative webhooks (#18510) 2022-06-09 21:57:36 +02:00