Commit Graph

5479 Commits (e45a6edd6574c86409333cc64f9fb87e1b0a196e)

Author SHA1 Message Date
Thibaut Girka e45a6edd65 Keep new DMs in home feeds and in the old DM timeline
Revert server-side part of 87fdd139b8
2018-10-22 18:15:51 +02:00
Thibaut Girka dcded13a99 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- .github/ISSUE_TEMPLATE/bug_report.md
  Took our version.
- CONTRIBUTING.md
  Updated the embedded copy of upstream's version.
- README.md
  Took our version.
- app/policies/status_policy.rb
  Not a real conflict, took code from both.
- app/views/layouts/embedded.html.haml
  Added upstream's changes (dns-prefetch) and fixed
  `%body.embed`
- app/views/settings/preferences/show.html.haml
  Reverted some of upstream changes, as we have a
  page dedicated for flavours and skins.
- config/initializers/content_security_policy.rb
  Kept our version of the CSP.
- config/initializers/doorkeeper.rb
  Not a real conflict, took code from both.
2018-10-22 17:51:38 +02:00
Masoud Abkenar c7e9f9ff1e RTL: remove blank character inside bdi (#9038)
* RTL: remove blank character inside bdi

* Update app/javascript/mastodon/components/display_name.js

Co-Authored-By: mabkenar <ampbox@gmail.com>
2018-10-22 01:04:32 +02:00
ThibG 84cf78da8a Fix og:url on toots' public view (#9047)
Fixes #9045
2018-10-21 22:52:10 +02:00
Masoud Abkenar c73864c137 RTL: fix cardbar margins and alignment (#9044) 2018-10-21 18:37:57 +02:00
Masoud Abkenar 3a157210c8 RTL: fix admin account avatar margin in about page (#9039)
* RTL: fix admin account avatar margin in about page

* fix code style
2018-10-21 16:45:08 +02:00
Thibaut Girka 4739e0f090 Put a video camera emoji or a picture frame emoji instead of “.”
This uses the same logic as the status icons in the glitch flavor.
2018-10-21 16:09:18 +02:00
Thibaut Girka 8729f5e466 Do not move CWs to toot body when toot body is empty
Fixes #395

Instead of leaving the toot body blank, it replaces it with a single “.” in
order for the fold/unfold CW behavior to not look *too* weird on upstream
Mastodon. Note that this does not fix upstream's CW-dropping behavior, as
that is decided at the time the toot is posted, not received.
2018-10-21 16:09:18 +02:00
Thibaut Girka 04bedd237b Attempt at fixing inline video player 2018-10-21 16:09:07 +02:00
Thibaut Girka dfa5b0576f Update mediaGallery component's width when opening CWs 2018-10-21 16:09:07 +02:00
Masoud Abkenar bf58461d36 RTL: fix column settings toggle label (#9037) 2018-10-21 20:31:40 +09:00
kedama 25f9ead041 Fix domain label position and color (#9033)
* Fix position of the domain label

* Fix position of the domain label for RTL

- Fix color mismatch of linear gradient which assigned to "::after" pseudo class
2018-10-21 14:35:25 +09:00
Thibaut Girka e4c3ea1809 Force sensitive content flag when posting a toot with a CW
Indeed, when the “Always enable the Content Warning field” setting is enabled,
sending a content-less toot with a CW would move the CW to the toot's content
and leave the toot not marked as sensitive.
2018-10-20 17:06:21 +02:00
Thibaut Girka 13c3fa8d36 Focus the UI when pressing Escape in the CW field 2018-10-20 15:00:39 +02:00
Eugen Rochko fd5285658f
Add option to block reports from domain (#8830) 2018-10-20 08:02:44 +02:00
Eugen Rochko 9486f0ca77
Add "disable" button to report screen (#9024)
* Add "disable" button to report screen

* i18n-tasks remove-unused
2018-10-20 02:39:39 +02:00
Eugen Rochko eb1b9903a6
Redesign direct messages column (#9022) 2018-10-20 02:23:58 +02:00
Masoud Abkenar 029943d59b RTL: fix preferences layout (#9021) 2018-10-20 01:05:17 +02:00
bsky 065b39e7a4 Fix admin account avatar margin (#9020) 2018-10-19 20:35:42 +02:00
Masoud Abkenar 301cbcc980 RTL: fix user stats in about page (#9018) 2018-10-19 20:16:13 +09:00
Eugen Rochko a38a452481
Add unread indicator to conversations (#9009) 2018-10-19 01:47:29 +02:00
takayamaki bebe8ec887 fix: initial state of PrivacyDropdown is should not be null (#9008) 2018-10-19 00:00:19 +02:00
Masoud Abkenar 65b3804a6c RTL: fix domain append at signup form (#9007) 2018-10-18 21:19:31 +02:00
ThibG 007f7690fa Fix fav/boosts hotkeys not working on detailed statuses (#9006) 2018-10-18 19:52:00 +02:00
Thibaut Girka b13c34de3a Fix fav/boosts hotkeys not working on detailed statuses 2018-10-18 19:00:59 +02:00
Masoud Abkenar f8c1b32541 RTL: fix admin account margins in about page (#9005) 2018-10-18 14:35:49 +02:00
Eugen Rochko 72d7d3003b
Do not show "limited" visibility in default visibility preference (#8999)
* Do not show "limited" visibility in default visibility preference

Fix regression from #8950

* Fix code style issue
2018-10-17 22:04:40 +02:00
Eugen Rochko ddd30f331c
Improve support for aspects/circles (#8950)
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
2018-10-17 17:13:04 +02:00
ThibG adb06baef6 Handle global hotkeys even when no element has focus (#8998)
This fixes hotkeys not working when pressing the column
“back” button, for instance.
2018-10-17 16:56:16 +02:00
Quint Guvernator f5e2e96e95 always allow DMs from staff (#8993) 2018-10-16 19:55:05 +02:00
Eugen Rochko 35b576dbec
Improve form for selecting media display preference (#8965)
Regression from #8569
2018-10-16 14:07:54 +02:00
Masoud Abkenar d35801aaa2 Fixes 8987 broken alignment at "Remote interaction dialog" (#8988) 2018-10-15 16:09:08 +02:00
Masoud Abkenar efd09e2ebb undo part of PR 8202 to fix RTL (#8979) 2018-10-15 04:39:20 +02:00
Thibaut Girka b0527a4ce7 Handle alt+enter in the spoiler input as shortcut for secondary post
Fixes #780
2018-10-14 12:00:21 +02:00
Eugen Rochko b972478812
Improve style of notice/alert messages (#8973) 2018-10-13 01:51:30 +02:00
Eugen Rochko 7d182442a7
Weblate translations (2018-10-12) (#8972)
* Translated using Weblate (Welsh)

Currently translated at 64.4% (448 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cy/

* Translated using Weblate (Arabic)

Currently translated at 98.0% (682 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (French)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/fr/

* Translated using Weblate (Arabic)

Currently translated at 94.3% (82 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ar/

* Translated using Weblate (Welsh)

Currently translated at 88.7% (297 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/cy/

* Translated using Weblate (French)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fr/

* Translated using Weblate (French)

Currently translated at 100,0% (87 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fr/

* Translated using Weblate (Czech)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/cs/

* Translated using Weblate (Czech)

Currently translated at 100.0% (87 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/cs/

* Translated using Weblate (Czech)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cs/

* Translated using Weblate (Persian)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fa/

* Translated using Weblate (Arabic)

Currently translated at 94.6% (88 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ar/

* Translated using Weblate (Arabic)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ar/

* Translated using Weblate (Czech)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/cs/

* Translated using Weblate (Galician)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/gl/

* Translated using Weblate (Galician)

Currently translated at 100,0% (696 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/gl/

* Translated using Weblate (Greek)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/el/

* Translated using Weblate (Greek)

Currently translated at 98.8% (331 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/el/

* Translated using Weblate (Greek)

Currently translated at 99.7% (694 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/el/

* Translated using Weblate (Persian)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fa/

* Translated using Weblate (Czech)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cs/

* Translated using Weblate (French)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fr/

* Translated using Weblate (French)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/fr/

* Translated using Weblate (Japanese)

Currently translated at 99.4% (692 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Corsican)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/co/

* Translated using Weblate (Corsican)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/co/

* Translated using Weblate (German)

Currently translated at 99.6% (693 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/de/

* Translated using Weblate (German)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/de/

* Translated using Weblate (Japanese)

Currently translated at 99.4% (692 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Japanese)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Japanese)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ja/

* Translated using Weblate (Japanese)

Currently translated at 94.6% (88 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ja/

* i18n-tasks normalize

* yarn manage:translations
2018-10-13 01:51:14 +02:00
Thibaut Girka 70d346ea95 Fix auto-unfold CWs when no regexp is set
Fixes #778
2018-10-12 23:34:26 +02:00
Thibaut Girka 3d5d899094 Allow selecting both default flavour and theme
Fixes #672
2018-10-12 19:06:35 +02:00
Eugen Rochko fac529975b Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 07:00:41 +02:00
Eugen Rochko 9d4541c612
Display customized mascot in web UI and fix admin form for it (#8964)
Follow-up to #8766
2018-10-12 04:04:08 +02:00
Eugen Rochko 22de24b8ca
Fix missing protocol in dns-prefetch, improve code style (#8963)
Regression from #8942
2018-10-12 02:19:10 +02:00
Eugen Rochko 5cbbd2c3b5
Fix microformats on statuses according to updated spec (#8958) 2018-10-12 02:04:07 +02:00
Eugen Rochko 8fd2cc54c1
Fix type of conversation ID in conversations API (#8961) 2018-10-12 01:36:51 +02:00
Eugen Rochko 21ad21cb50
Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 00:15:55 +02:00
ThibG 0075964244
Merge pull request #775 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2018-10-11 21:28:03 +02:00
ThibG 2d27c11061 Set Content-Security-Policy rules through RoR's config (#8957)
* Set CSP rules in RoR's configuration

* Override CSP setting in the embed controller to allow frames
2018-10-11 20:35:46 +02:00
Thibaut Girka 8f720be9f3 Merge commit 'ac7df62a0441b95ec04fd9111a9394795dd53ff2' into glitch-soc/merge-upstream 2018-10-11 14:12:36 +02:00
Eugen Rochko 61d44dd11f
Fix typo in ActivityPub Create handler (#8952)
Regression from #8951
2018-10-11 02:10:15 +02:00
Eugen Rochko 87fdd139b8
Do not push DMs into the home feed (#8940)
* Do not push DMs into the home feed

* Show DMs column after sending a DM, if DMs column is not already shown
2018-10-11 01:31:03 +02:00
Eugen Rochko 790d3bc637
Move network calls out of transaction in ActivityPub handler (#8951)
Mention and emoji code may perform network calls, but does not need
to do that inside the database transaction. This may improve availability
of database connections when using pgBouncer in transaction mode.
2018-10-11 00:50:18 +02:00