From a097ec997db4f2ac14e8cee0225e646b7d6799b7 Mon Sep 17 00:00:00 2001 From: Yamagishi Kazutoshi Date: Tue, 11 May 2021 05:20:33 +0900 Subject: [PATCH 01/11] Run `i18n-tasks normalize` (#16208) * Run `i18n-tasks normalize` * Fix consistent interpolations * fix --- config/locales/gd.yml | 2 +- config/locales/gl.yml | 2 +- config/locales/is.yml | 8 ++++---- config/locales/sc.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config/locales/gd.yml b/config/locales/gd.yml index f49284b8d0..bba190ec55 100644 --- a/config/locales/gd.yml +++ b/config/locales/gd.yml @@ -1305,7 +1305,7 @@ gd: terms: body_html: '

Poileasaidh prìobhaideachd

Dè am fiosrachadh a chruinnicheas sinn?


Dè na h-adhbharan air an cleachd sinn am fiosrachadh agad?

Seo na dòighean air an cleachd sinn fiosrachadh sam bith a chruinnich sinn uat ma dh’fhaoidte:


Ciamar a dhìonas sinn am fiosrachadh agad?

Cuiridh sinn iomadh gleus tèarainteachd an sàs ach an glèidheadh sinn sàbhailteachd an fhiosrachaidh phearsanta agad nuair a chuireas tu gin a-steach, nuair a chuireas tu a-null e no nuair a nì thu inntrigeadh air. Am measg gleusan eile, thèid seisean a’ bhrabhsair agad cuide ris an trafaig eadar na h-aplacaidean agad ’s an API a dhìon le SSL agus thèid hais a dhèanamh dhen fhacal-fhaire agad le algairim aon-shligheach làidir. Faodaidh tu dearbhadh dà-cheumnach a chur an comas airson barrachd tèarainteachd a chur ris an inntrigeadh dhan chunntas agad.


Dè am poileasaidh cumail dàta againn?

Nì sinn ar dìcheall:

’S urrainn dhut tasg-lann iarraidh dhen t-susbaint agad ’s a luchdadh a-nuas is gabhaidh seo a-staigh na postaichean, na ceanglachain meadhain, dealbh na pròifil agus dealbh a’ bhanna-chinn agad.

’S urrainn dhut an cunntas agad a sguabadh às gu buan uair sam bith.


An cleachd sinn briosgaidhean?

Cleachdaidh. ’S e faidhlichean beaga a tha sna briosgaidean a thar-chuireas làrach no solaraiche seirbheise gu clàr-cruaidh a’ choimpiutair agad leis a’ bhrabhsair-lìn agad (ma cheadaicheas tu sin). Bheir na briosgaidean sin comas dhan làrach gun aithnich i am brabhsair agad agus ma tha cunntas clàraichte agad, gun co-cheangail i ris a’ chunntas chlàraichte agad e.

Cleachdaidh sinn briosgaidean airson na roghainnean agad a thuigsinn ’s a ghlèidheadh gus an tadhail thu oirnn san àm ri teachd.


Am foillsich sinn fiosrachadh sam bith gu pàrtaidhean air an taobh a-muigh?

Cha reic, malairt no tar-chuir sinn fiosrachadh air a dh’aithnichear thu fhèin gu pàrtaidh sam bith air an taobh a-muigh. Cha ghabh seo a-staigh treas-phàrtaidhean earbsach a chuidicheas leinn le ruith na làraich againn, le obrachadh a’ ghnìomhachais againn no gus an t-seirbheis a thoirt leat cho fada ’s a dh’aontaicheas na treas-phàrtaidhean sin gun cùm iad am fiosrachadh dìomhair. Faodaidh sinn am fiosrachadh agad fhoillseachadh cuideachd nuair a bhios sinn dhen bheachd gu bheil am foillseachadh sin iomchaidh airson gèilleadh dhan lagh, poileasaidhean na làraich againn èigneachadh no na còraichean, an sealbh no an t-sàbhailteachd againn fhèin no aig càch a dhìon.

Dh’fhaoidte gun dèid an t-susbaint phoblach agad a luchdadh a-nuas le frithealaichean eile san lìonra. Thèid na postaichean poblach agad ’s an fheadhainn dhan luchd-leantainn a-mhàin a lìbhrigeadh dha na frithealaichean far a bheil an luchd-leantainn agad a’ còmhnaidh agus thèid na teachdaireachdan dìreach a lìbhrigeadh gu frithealaichean nam faightearan nuair a bhios iad a’ còmhnaidh air frithealaiche eile.

Nuair a dh’ùghdarraicheas tu aplacaid gun cleachd i an cunntas agad, a-rèir sgòp nan ceadan a dh’aontaicheas tu riutha, faodaidh i fiosrachadh poblach na pròifil agad, liosta na feadhna air a bhios tu a’ leantainn, an luchd-leantainn agad, na liostaichean agad, na postaichean agad uile ’s na h-annsachdan agad inntrigeadh. Chan urrainn do dh’aplacaidean an seòladh puist-d no am facal-faire agad inntrigeadh idir.


Cleachdadh na làraich leis a’ chloinn

Ma tha am frithealaiche seo san Aonadh Eòrpach (AE) no san Roinn Eaconomach na h-Eòrpa (EEA): Tha an làrach, na batharan agus na seirbheisean againn uile ag amas air an fheadhainn a tha co-dhiù 16 bliadhnaichean a dh’aois. Ma tha thu nas òige na 16 bliadhnaichean a dh’aois, tha e riatanach fon GDPR (General Data Protection Regulation) nach cleachd thu an làrach seo.

Ma tha am frithealaiche seo sna Stàitean Aonaichte (SAA): Tha an làrach, na batharan agus na seirbheisean againn uile ag amas air an fheadhainn a tha co-dhiù 13 bliadhnaichean a dh’aois. Ma tha thu nas òige na 16 bliadhnaichean a dh’aois, tha e riatanach fon COPPA (Children''s Online Privacy Protection Act)ha an làrach, na batharan agus na seirbheisean againn uile ag amas air an fheadhainn a tha co-dhiù 16 bliadhnaichean a dh’aois. Ma tha thu nas òige na 16 bliadhnaichean a dh’aois, tha e riatanach fon GDPR (General Data Protection Regulation) nach cleachd thu an làrach seo.

Ma tha am frithealaiche seo sna Stàitean Aonaichte (SAA): Tha an làrach, na batharan agus na seirbheisean againn uile ag amas air an fheadhainn a tha co-dhiù 13 bliadhnaichean a dh’aois. Ma tha thu nas òige na 16 bliadhnaichean a dh’aois, tha e riatanach fon COPPA (Children''s Online Privacy Protection Act) nach cleachd thu an làrach seo.

Dh’fhaoidte gu bheil am frithealaiche seo fo riatanasan lagha eile ma tha e ann an uachdranas laghail eile.


Atharraichean air a’ phoileasaidh phrìobhaideachd againn

Ma chuireas sinn romhainn am poileasaidh prìobhaideachd againn atharrachadh, postaichidh sinn na h-atharraichean dhan duilleag seo.

Tha an sgrìobhainn seo fo cheadachas CC-BY-SA. Chaidh ùrachadh an turas mu dheireadh an t-7mh dhen Mhart 2018.

Chaidh a fhreagarrachadh o thùs o phoileasaidh prìobhaideachd Discourse.

nach cleachd thu an làrach seo.

Dh’fhaoidte gu bheil am frithealaiche seo fo riatanasan lagha eile ma tha e ann an uachdranas laghail eile.


Atharraichean air a’ phoileasaidh phrìobhaideachd againn

Ma chuireas sinn romhainn am poileasaidh prìobhaideachd againn atharrachadh, postaichidh sinn na h-atharraichean dhan duilleag seo.

Tha an sgrìobhainn seo fo cheadachas CC-BY-SA. Chaidh ùrachadh an turas mu dheireadh an t-7mh dhen Mhart 2018.

Chaidh a fhreagarrachadh o thùs o phoileasaidh prìobhaideachd Discourse.

- ' +' title: Teirmichean na seirbheise ⁊ poileasaidh prìobhaideachd %{instance} themes: contrast: Mastodon (iomsgaradh àrd) diff --git a/config/locales/gl.yml b/config/locales/gl.yml index 30e4eeab8b..09d7589024 100644 --- a/config/locales/gl.yml +++ b/config/locales/gl.yml @@ -23,7 +23,7 @@ gl: hosted_on: Mastodon aloxado en %{domain} instance_actor_flash: 'Esta conta é un actor virtual utilizado para representar ao servidor e non a unha usuaria individual. Utilízase para propósitos de federación e non debería estar bloqueada a menos que queiras bloquear a toda a instancia, en tal caso deberías utilizar o bloqueo do dominio. - ' +' learn_more: Saber máis privacy_policy: Política de privacidade rules: Regras do servidor diff --git a/config/locales/is.yml b/config/locales/is.yml index 08802a7975..01c87b5980 100644 --- a/config/locales/is.yml +++ b/config/locales/is.yml @@ -272,7 +272,7 @@ is: create_domain_allow_html: "%{name} leyfði skýjasamband með léninu %{target}" create_domain_block_html: "%{name} útilokaði lénið %{target}" create_email_domain_block_html: "%{name} útilokaði póstlénið %{target}" - create_ip_block_html: "{name} útbjó reglu fyrir IP-vistfangið %{target}" + create_ip_block_html: "%{name} útbjó reglu fyrir IP-vistfangið %{target}" create_unavailable_domain_html: "%{name} stöðvaði afhendingu til lénsins %{target}" demote_user_html: "%{name} lækkaði notandann %{target} í tign" destroy_announcement_html: "%{name} eyddi tilkynninguni %{target}" 
@@ -280,7 +280,7 @@ is: destroy_domain_allow_html: "%{name} bannaði skýjasamband með léninu %{target}" destroy_domain_block_html: "%{name} aflétti útilokun af léninu %{target}" destroy_email_domain_block_html: "%{name} aflétti útilokun af póstléninu %{target}" - destroy_ip_block_html: "{name} eyddi reglu fyrir IP-vistfangið %{target}" + destroy_ip_block_html: "%{name} eyddi reglu fyrir IP-vistfangið %{target}" destroy_status_html: "%{name} fjarlægði stöðufærslu frá %{target}" destroy_unavailable_domain_html: "%{name} hóf aftur afhendingu til lénsins %{target}" disable_2fa_user_html: "%{name} gerði kröfu um tveggja-þátta innskráningu óvirka fyrir notandann %{target}" @@ -290,7 +290,7 @@ is: enable_user_html: "%{name} gerði innskráningu virka fyrir notandann %{target}" memorialize_account_html: "%{name} breytti notandaaðgangnum %{target} í minningargreinarsíðu" promote_user_html: "%{name} hækkaði notandann %{target} í tign" - remove_avatar_user_html: "{name} fjarlægði auðkennismynd af %{target}" + remove_avatar_user_html: "%{name} fjarlægði auðkennismynd af %{target}" reopen_report_html: "%{name} enduropnaði kæru %{target}" reset_password_user_html: "%{name} endurstillti lykilorð fyrir notandann %{target}" resolve_report_html: "%{name} leysti kæru %{target}" @@ -300,7 +300,7 @@ is: unassigned_report_html: "%{name} fjarlægði úthlutun af kæru %{target}" unsensitive_account_html: "%{name} tók merkinguna viðkvæmt af myndefni frá %{target}" unsilence_account_html: "%{name} hætti að hylja notandaaðganginn %{target}" - unsuspend_account_html: "%{name} tók notandaaðganginn {target} úr bið" + unsuspend_account_html: "%{name} tók notandaaðganginn %{target} úr bið" update_announcement_html: "%{name} uppfærði tilkynningu %{target}" update_custom_emoji_html: "%{name} uppfærði tjáningartáknið %{target}" update_domain_block_html: "%{name} uppfærði lénalás fyrir %{target}" diff --git a/config/locales/sc.yml b/config/locales/sc.yml index 18142cb495..4811bc0b76 100644 
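Review bot: the four corrections in is.yml (create_ip_block_html, destroy_ip_block_html, remove_avatar_user_html, unsuspend_account_html) replace a bare `{name}` or `{target}` with `%{name}` / `%{target}`; without the `%` the admin action log would have rendered the literal placeholder instead of the acting admin or the affected account, which is the kind of silent drift Crowdin exports produce regularly. Since these are `_html` keys rendered as markup in the audit log, it is worth wiring the i18n-tasks consistent-interpolations check (the one this commit message refers to) into CI so a missing `%` fails the build rather than shipping.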
--- a/config/locales/sc.yml +++ b/config/locales/sc.yml @@ -23,7 +23,7 @@ sc: hosted_on: Mastodon allogiadu in %{domain} instance_actor_flash: 'Custu contu est un''atore virtuale impreadu pro rapresentare su pròpiu serbidore, no est un''utente individuale. Benit impreadu pro punnas de federatzione e no ddu dias dèpere blocare si non boles blocare su domìniu intreu, e in cussu casu dias dèpere impreare unu blocu de domìniu. - ' +' learn_more: Àteras informatziones privacy_policy: Polìtica de riservadesa rules: Règulas de su serbidore From 7bd2b54a468163ebc67802ae53dcf88aa4bf727f Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 10 May 2021 22:23:48 +0200 Subject: [PATCH 02/11] Bump version to 3.4.0rc2 (#16206) --- CHANGELOG.md | 6 ++++-- lib/mastodon/version.rb | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c393b8d6b0..bc853aaa3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,7 +6,7 @@ All notable changes to this project will be documented in this file. ## Unreleased ### Added -- **Add follow recommendations for onboarding** ([Gargron](https://github.com/tootsuite/mastodon/pull/15945), [Gargron](https://github.com/tootsuite/mastodon/pull/16161), [Gargron](https://github.com/tootsuite/mastodon/pull/16060), [Gargron](https://github.com/tootsuite/mastodon/pull/16077), [Gargron](https://github.com/tootsuite/mastodon/pull/16078), [Gargron](https://github.com/tootsuite/mastodon/pull/16160), [Gargron](https://github.com/tootsuite/mastodon/pull/16079), [noellabo](https://github.com/tootsuite/mastodon/pull/16044), [noellabo](https://github.com/tootsuite/mastodon/pull/16045), [Gargron](https://github.com/tootsuite/mastodon/pull/16152), [Gargron](https://github.com/tootsuite/mastodon/pull/16153), [ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16082), [ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16173), [ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16159)) +- **Add follow recommendations for onboarding** ([Gargron](https://github.com/tootsuite/mastodon/pull/15945), [Gargron](https://github.com/tootsuite/mastodon/pull/16161), [Gargron](https://github.com/tootsuite/mastodon/pull/16060), [Gargron](https://github.com/tootsuite/mastodon/pull/16077), [Gargron](https://github.com/tootsuite/mastodon/pull/16078), [Gargron](https://github.com/tootsuite/mastodon/pull/16160), [Gargron](https://github.com/tootsuite/mastodon/pull/16079), [noellabo](https://github.com/tootsuite/mastodon/pull/16044), [noellabo](https://github.com/tootsuite/mastodon/pull/16045), [Gargron](https://github.com/tootsuite/mastodon/pull/16152), [Gargron](https://github.com/tootsuite/mastodon/pull/16153), [ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16082), [ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16173), [ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16159), 
[ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16189)) - Tutorial on first web UI launch has been replaced with follow suggestions - Follow suggestions take user locale into account and are a mix of accounts most followed by currently active local users, and accounts that wrote the most shared/favourited posts in the last 30 days - Only accounts that have opted-in to being discoverable from their profile settings, and that do not require follow requests, will be suggested @@ -23,7 +23,7 @@ All notable changes to this project will be documented in this file. - The dashboard will now warn you if you some Sidekiq queues are not being processed, if you have not defined any server rules, or if you forgot to run database migrations from the latest Mastodon upgrade - Add inline description of moderation actions in admin UI ([ClearlyClaire](https://github.com/tootsuite/mastodon/pull/15792)) - Add "recommended" label to activity/peers API toggles in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/16081)) -- Add joined date to profiles in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/16169)) +- Add joined date to profiles in web UI ([Gargron](https://github.com/tootsuite/mastodon/pull/16169), [rinsuki](https://github.com/tootsuite/mastodon/pull/16186)) - Add transition to media modal background in web UI ([mkljczk](https://github.com/tootsuite/mastodon/pull/15843)) - Add option to opt-out of unread notification markers in web UI ([ClearlyClaire](https://github.com/tootsuite/mastodon/pull/15842)) - Add borders to 📱, 🚲, and 📲 emojis in web UI ([ClearlyClaire](https://github.com/tootsuite/mastodon/pull/15794), [ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16035)) 
@@ -44,6 +44,7 @@ All notable changes to this project will be documented in this file. - This param allows an app to control from whom notifications should be delivered as push notifications to the app - Add `details` to error response for `POST /api/v1/accounts` in REST API ([Gargron](https://github.com/tootsuite/mastodon/pull/15803)) - This attribute allows an app to display more helpful information to the user about why the sign-up did not succeed +- Add `SIDEKIQ_REDIS_URL` and related environment variables to optionally use a separate Redis server for Sidekiq ([noellabo](https://github.com/tootsuite/mastodon/pull/16188)) ### Changed @@ -120,6 +121,7 @@ All notable changes to this project will be documented in this file. - Fix trying to fetch key from empty URI when verifying HTTP signature ([Gargron](https://github.com/tootsuite/mastodon/pull/16100)) - Fix `tootctl maintenance fix-duplicates` failures ([ClearlyClaire](https://github.com/tootsuite/mastodon/pull/15923), [ClearlyClaire](https://github.com/tootsuite/mastodon/pull/15515)) - Fix error when removing status caused by race condition ([Gargron](https://github.com/tootsuite/mastodon/pull/16099)) +- Fix blocking someone not clearing up list feeds ([ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16205)) - Fix misspelled URLs character counting ([ClearlyClaire](https://github.com/tootsuite/mastodon/pull/15382)) - Fix Sidekiq hanging forever due to a Resolv bug in Ruby 2.7.3 ([ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16157)) - Fix edge case where follow limit interferes with accepting a follow ([ClearlyClaire](https://github.com/tootsuite/mastodon/pull/16098)) diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb index 0a0a7878b4..a8d7a8f951 100644 --- a/lib/mastodon/version.rb +++ b/lib/mastodon/version.rb @@ -17,7 +17,7 @@ module Mastodon end def flags - 'rc1' + 'rc2' end def suffix From be6f4e013a02a2bae07a02dbabd8e9b6721b463d Mon Sep 17 00:00:00 2001 
From: abcang Date: Tue, 11 May 2021 21:17:38 +0900 Subject: [PATCH 03/11] Fix eslint error (#16212) --- app/javascript/mastodon/actions/boosts.js | 2 +- .../features/notifications/containers/notification_container.js | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/app/javascript/mastodon/actions/boosts.js b/app/javascript/mastodon/actions/boosts.js index 6e14065d6f..c0f0f3acc5 100644 --- a/app/javascript/mastodon/actions/boosts.js +++ b/app/javascript/mastodon/actions/boosts.js @@ -11,7 +11,7 @@ export function initBoostModal(props) { dispatch({ type: BOOSTS_INIT_MODAL, - privacy + privacy, }); dispatch(openModal('BOOST', props)); diff --git a/app/javascript/mastodon/features/notifications/containers/notification_container.js b/app/javascript/mastodon/features/notifications/containers/notification_container.js index 555d5e1b57..5c984197fa 100644 --- a/app/javascript/mastodon/features/notifications/containers/notification_container.js +++ b/app/javascript/mastodon/features/notifications/containers/notification_container.js @@ -2,7 +2,6 @@ import { connect } from 'react-redux'; import { makeGetNotification, makeGetStatus } from '../../../selectors'; import Notification from '../components/notification'; import { initBoostModal } from '../../../actions/boosts'; -import { openModal } from '../../../actions/modal'; import { mentionCompose } from '../../../actions/compose'; import { reblog, From 7032d4f5828a3b9c7a758604710a57137d24dc66 Mon Sep 17 00:00:00 2001 From: abcang Date: Tue, 11 May 2021 21:18:33 +0900 Subject: [PATCH 04/11] Ignore brakeman false positive warning (#16213) --- config/brakeman.ignore | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/config/brakeman.ignore b/config/brakeman.ignore index 2d47a9aaf0..35f2c31788 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore 
@@ -7,7 +7,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/report.rb", - "line": 112, + "line": 113, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "Admin::ActionLog.from(\"(#{[Admin::ActionLog.where(:target_type => \"Report\", :target_id => id, :created_at => ((created_at..updated_at))).unscope(:order), Admin::ActionLog.where(:target_type => \"Account\", :target_id => target_account_id, :created_at => ((created_at..updated_at))).unscope(:order), Admin::ActionLog.where(:target_type => \"Status\", :target_id => status_ids, :created_at => ((created_at..updated_at))).unscope(:order)].map do\n \"(#{query.to_sql})\"\n end.join(\" UNION ALL \")}) AS admin_action_logs\")", "render_path": null, @@ -67,7 +67,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/account.rb", - "line": 491, + "line": 479, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "find_by_sql([\" WITH first_degree AS (\\n SELECT target_account_id\\n FROM follows\\n WHERE account_id = ?\\n UNION ALL\\n SELECT ?\\n )\\n SELECT\\n accounts.*,\\n (count(f.id) + 1) * ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = ?)\\n WHERE accounts.id IN (SELECT * FROM first_degree)\\n AND #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n GROUP BY accounts.id\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, account.id, account.id, account.id, limit, offset])", "render_path": null, 
@@ -120,6 +120,26 @@ "confidence": "High", "note": "" }, + { + "warning_type": "Mass Assignment", + "warning_code": 105, + "fingerprint": "874be88fedf4c680926845e9a588d3197765a6ccbfdd76466b44cc00151c612e", + "check_name": "PermitAttributes", + "message": "Potentially dangerous key allowed for mass assignment", + "file": "app/controllers/api/v1/admin/reports_controller.rb", + "line": 78, + "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", + "code": "params.permit(:resolved, :account_id, :target_account_id)", + "render_path": null, + "location": { + "type": "method", + "class": "Api::V1::Admin::ReportsController", + "method": "filter_params" + }, + "user_input": ":account_id", + "confidence": "High", + "note": "" + }, { "warning_type": "SQL Injection", "warning_code": 0, @@ -127,7 +147,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/account.rb", - "line": 460, + "line": 448, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "find_by_sql([\" SELECT\\n accounts.*,\\n ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n WHERE #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, limit, offset])", "render_path": null, 
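Review bot: the new Mass Assignment ignore for `params.permit(:resolved, :account_id, :target_account_id)` in `Api::V1::Admin::ReportsController#filter_params` is added with `"note": ""` empty; fill it in with the justification (the method name suggests these keys only scope a report listing for admin-scoped tokens rather than assign attributes on a model) so whoever regenerates this file next with `brakeman -I` can re-verify the suppression instead of trusting the fingerprint. The `line` shifts on the existing SQL-injection entries for account.rb and report.rb keep their `code` and (out-of-context) fingerprints unchanged, so nothing new is being suppressed there.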
@@ -207,7 +227,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/account.rb", - "line": 507, + "line": 495, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "find_by_sql([\" SELECT\\n accounts.*,\\n (count(f.id) + 1) * ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = ?) OR (accounts.id = f.target_account_id AND f.account_id = ?)\\n WHERE #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n GROUP BY accounts.id\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, account.id, account.id, limit, offset])", "render_path": null, @@ -241,6 +261,6 @@ "note": "" } ], - "updated": "2020-12-07 01:17:13 +0100", - "brakeman_version": "4.10.0" + "updated": "2021-05-11 20:22:27 +0900", + "brakeman_version": "5.0.1" } From b5ad787ebf33b475379d38211c646845f1dcd934 Mon Sep 17 00:00:00 2001 From: abcang Date: Tue, 11 May 2021 21:19:01 +0900 Subject: [PATCH 05/11] Fix rubocop warning (#16214) --- app/lib/activitypub/activity/create.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index e46361c147..9a29605072 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -46,7 +46,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity return reject_payload! if unsupported_object_type? || invalid_origin?(object_uri) || tombstone_exists? || !related_to_local_activity? lock_or_fail("create:#{object_uri}") do - return if delete_arrived_first?(object_uri) || poll_vote? # rubocop:disable Lint/NonLocalExitFromIterator + return if delete_arrived_first?(object_uri) || poll_vote? @status = find_existing_status From c403c3695b1943882bf88afa9caf55bd8c6acc2f Mon Sep 17 00:00:00 2001 
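Review bot: removing `# rubocop:disable Lint/NonLocalExitFromIterator` leaves the `return if delete_arrived_first?(object_uri) || poll_vote?` inside the `lock_or_fail("create:#{object_uri}") do` block exactly as it was, so this is lint-only; the commit message should say whether the cop simply no longer fires on this construct or the disable was stale, and it is worth confirming that `lock_or_fail` releases the lock in an `ensure`, since that `return` unwinds through the block rather than completing it.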
From: Takeshi Umeda Date: Tue, 11 May 2021 21:19:22 +0900 Subject: [PATCH 06/11] Fix to be able to redownload avatar and header (#16190) * Fix to reset if header and avatar download fails * Add RedownloadAvatarWorker and RedownloadHeaderWorker --- app/models/concerns/account_avatar.rb | 2 +- app/models/concerns/account_header.rb | 2 +- app/models/concerns/remotable.rb | 2 ++ .../activitypub/process_account_service.rb | 12 ++++++-- app/workers/redownload_avatar_worker.rb | 29 +++++++++++++++++++ app/workers/redownload_header_worker.rb | 29 +++++++++++++++++++ 6 files changed, 72 insertions(+), 4 deletions(-) create mode 100644 app/workers/redownload_avatar_worker.rb create mode 100644 app/workers/redownload_header_worker.rb diff --git a/app/models/concerns/account_avatar.rb b/app/models/concerns/account_avatar.rb index 2d5ebfca35..1af53ed235 100644 --- a/app/models/concerns/account_avatar.rb +++ b/app/models/concerns/account_avatar.rb @@ -21,7 +21,7 @@ module AccountAvatar has_attached_file :avatar, styles: ->(f) { avatar_styles(f) }, convert_options: { all: '-strip' }, processors: [:lazy_thumbnail] validates_attachment_content_type :avatar, content_type: IMAGE_MIME_TYPES validates_attachment_size :avatar, less_than: LIMIT - remotable_attachment :avatar, LIMIT + remotable_attachment :avatar, LIMIT, suppress_errors: false end def avatar_original_url diff --git a/app/models/concerns/account_header.rb b/app/models/concerns/account_header.rb index 067e166eb6..72a3d05665 100644 --- a/app/models/concerns/account_header.rb +++ b/app/models/concerns/account_header.rb 
@@ -22,7 +22,7 @@ module AccountHeader has_attached_file :header, styles: ->(f) { header_styles(f) }, convert_options: { all: '-strip' }, processors: [:lazy_thumbnail] validates_attachment_content_type :header, content_type: IMAGE_MIME_TYPES validates_attachment_size :header, less_than: LIMIT - remotable_attachment :header, LIMIT + remotable_attachment :header, LIMIT, suppress_errors: false end def header_original_url diff --git a/app/models/concerns/remotable.rb b/app/models/concerns/remotable.rb index 56b9c01642..ffe8a7565c 100644 --- a/app/models/concerns/remotable.rb +++ b/app/models/concerns/remotable.rb @@ -28,9 +28,11 @@ module Remotable end rescue Mastodon::UnexpectedResponseError, HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError => e Rails.logger.debug "Error fetching remote #{attachment_name}: #{e}" + public_send("#{attachment_name}=", nil) if public_send("#{attachment_name}_file_name").present? raise e unless suppress_errors rescue Paperclip::Errors::NotIdentifiedByImageMagickError, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError, Paperclip::Error, Mastodon::DimensionsValidationError, Mastodon::StreamValidationError => e Rails.logger.debug "Error fetching remote #{attachment_name}: #{e}" + public_send("#{attachment_name}=", nil) if public_send("#{attachment_name}_file_name").present? end nil diff --git a/app/services/activitypub/process_account_service.rb b/app/services/activitypub/process_account_service.rb index bb2e8f6650..7e268f4d49 100644 --- a/app/services/activitypub/process_account_service.rb +++ b/app/services/activitypub/process_account_service.rb 
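Review bot: in the remotable.rb hunk the attachment is now cleared with `public_send("#{attachment_name}=", nil)` in both rescue branches before the error is optionally re-raised, which is what allows a later `reset_avatar!` / `reset_header!` to run at all; note though that the second branch (`NotIdentifiedByImageMagickError`, `HostValidationError`, `LengthValidationError`, `DimensionsValidationError`, ...) still swallows the error even with the new `suppress_errors: false` on `remotable_attachment :avatar` and `:header`, so a remote file rejected by host, size or dimension validation is dropped silently and never scheduled for redownload. That is the right call for non-transient failures, but a one-line comment there would stop the next reader from assuming `suppress_errors: false` propagates every failure.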
@@ -106,8 +106,16 @@ class ActivityPub::ProcessAccountService < BaseService end def set_fetchable_attributes! - @account.avatar_remote_url = image_url('icon') || '' unless skip_download? - @account.header_remote_url = image_url('image') || '' unless skip_download? + begin + @account.avatar_remote_url = image_url('icon') || '' unless skip_download? + rescue Mastodon::UnexpectedResponseError, HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError + RedownloadAvatarWorker.perform_in(rand(30..600).seconds, @account.id) + end + begin + @account.header_remote_url = image_url('image') || '' unless skip_download? + rescue Mastodon::UnexpectedResponseError, HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError + RedownloadHeaderWorker.perform_in(rand(30..600).seconds, @account.id) + end @account.statuses_count = outbox_total_items if outbox_total_items.present? @account.following_count = following_total_items if following_total_items.present? @account.followers_count = followers_total_items if followers_total_items.present? diff --git a/app/workers/redownload_avatar_worker.rb b/app/workers/redownload_avatar_worker.rb new file mode 100644 index 0000000000..df17b7718d --- /dev/null +++ b/app/workers/redownload_avatar_worker.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +class RedownloadAvatarWorker + include Sidekiq::Worker + include ExponentialBackoff + include JsonLdHelper + + sidekiq_options queue: 'pull', retry: 7 + + def perform(id) + account = Account.find(id) + + return if account.suspended? || DomainBlock.rule_for(account.domain)&.reject_media? + return if account.avatar_remote_url.blank? || account.avatar_file_name.present? + + account.reset_avatar! + account.save! + rescue ActiveRecord::RecordNotFound + # Do nothing + rescue Mastodon::UnexpectedResponseError => e + response = e.response + + if response_error_unsalvageable?(response) + # Give up + else + raise e + end + end +end 
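Review bot: in `RedownloadAvatarWorker#perform`, `account.save!` can raise `ActiveRecord::RecordInvalid` when the redownloaded file fails the `validates_attachment_content_type` / `validates_attachment_size` rules from `AccountAvatar`, and nothing rescues it, so Sidekiq would spend all seven retries (`retry: 7` with `ExponentialBackoff`) on a file that will never validate; treat it like the `response_error_unsalvageable?` branch and give up. The `suspended?` and `DomainBlock.rule_for(account.domain)&.reject_media?` guards are the right place to re-check, since the job fires 30 to 600 s after `set_fetchable_attributes!` scheduled it and either can change in between; the two near-identical `begin`/`rescue` blocks in `set_fetchable_attributes!` could also share the rescued exception list with remotable.rb instead of restating it.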
diff --git a/app/workers/redownload_header_worker.rb b/app/workers/redownload_header_worker.rb new file mode 100644 index 0000000000..3b142ec5f9 --- /dev/null +++ b/app/workers/redownload_header_worker.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +class RedownloadHeaderWorker + include Sidekiq::Worker + include ExponentialBackoff + include JsonLdHelper + + sidekiq_options queue: 'pull', retry: 7 + + def perform(id) + account = Account.find(id) + + return if account.suspended? || DomainBlock.rule_for(account.domain)&.reject_media? + return if account.header_remote_url.blank? || account.header_file_name.present? + + account.reset_header! + account.save! + rescue ActiveRecord::RecordNotFound + # Do nothing + rescue Mastodon::UnexpectedResponseError => e + response = e.response + + if response_error_unsalvageable?(response) + # Give up + else + raise e + end + end +end From be353bccbbdd932ace6c42fee9d0a0e58330f0d3 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Tue, 11 May 2021 19:14:59 +0200 Subject: [PATCH 07/11] Fix error when rendering actor with hashtags in bio (#16218) Fix #16217, regression from #16160 --- app/serializers/activitypub/actor_serializer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/serializers/activitypub/actor_serializer.rb b/app/serializers/activitypub/actor_serializer.rb index d92aae7b39..a7d948976f 100644 --- a/app/serializers/activitypub/actor_serializer.rb +++ b/app/serializers/activitypub/actor_serializer.rb @@ -177,7 +177,7 @@ class ActivityPub::ActorSerializer < ActivityPub::Serializer end def href - explore_hashtag_url(object) + tag_url(object) end def name From 5ed5f62705a0d9dd58f4eb617445683ee8bd2378 Mon Sep 17 00:00:00 2001 From: rinsuki <428rinsuki+git@gmail.com> Date: Wed, 12 May 2021 02:15:11 +0900 Subject: [PATCH 08/11] Fix animated GIF generates animated thumbnail (#16216) --- lib/paperclip/gif_transcoder.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
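Review bot: `RedownloadHeaderWorker` duplicates `RedownloadAvatarWorker` line for line except for the attachment name (`header_remote_url`, `header_file_name`, `reset_header!`); a single worker taking the attachment name as a second argument, constrained to the two known names before any `public_send`, would keep the give-up logic in one place. The same unrescued `ActiveRecord::RecordInvalid` on `account.save!` applies here.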
diff --git a/lib/paperclip/gif_transcoder.rb b/lib/paperclip/gif_transcoder.rb index 74aa1a0b26..d14465c018 100644 --- a/lib/paperclip/gif_transcoder.rb +++ b/lib/paperclip/gif_transcoder.rb @@ -108,9 +108,11 @@ module Paperclip final_file = Paperclip::Transcoder.make(file, options, attachment) - attachment.instance.file_file_name = File.basename(attachment.instance.file_file_name, '.*') + '.mp4' - attachment.instance.file_content_type = 'video/mp4' - attachment.instance.type = MediaAttachment.types[:gifv] + if options[:style] == :original + attachment.instance.file_file_name = File.basename(attachment.instance.file_file_name, '.*') + '.mp4' + attachment.instance.file_content_type = 'video/mp4' + attachment.instance.type = MediaAttachment.types[:gifv] + end final_file end @@ -118,7 +120,7 @@ module Paperclip private def needs_convert? - options[:style] == :original && GifReader.animated?(file.path) + GifReader.animated?(file.path) end end end From 0464240f196ff7f98b887c23fd7905be8dc432dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9lanie=20Chauvel?= Date: Tue, 11 May 2021 21:15:57 +0200 Subject: [PATCH 09/11] Fix dialog close button (#16219) * Fix dialog close button being white on almost white * Make dialog close button slightly bigger --- .../mastodon/features/ui/components/focal_point_modal.js | 2 +- .../mastodon/features/ui/components/report_modal.js | 2 +- app/javascript/styles/mastodon/components.scss | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/app/javascript/mastodon/features/ui/components/focal_point_modal.js b/app/javascript/mastodon/features/ui/components/focal_point_modal.js index ffa783e3b0..3457b76330 100644 --- a/app/javascript/mastodon/features/ui/components/focal_point_modal.js +++ b/app/javascript/mastodon/features/ui/components/focal_point_modal.js @@ -309,7 +309,7 @@ class FocalPointModal extends ImmutablePureComponent { return (
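Review bot: `needs_convert?` now returns true for every style while the `.mp4` rename, the `video/mp4` content type and the `MediaAttachment.types[:gifv]` switch stay gated on `options[:style] == :original`; that is only correct if the non-original style options passed to `Paperclip::Transcoder.make` produce a still frame rather than a second video, which the hunk cannot show. A short comment at the `if options[:style] == :original` stating that thumbnails are transcoded to a static image and only the original becomes a gifv would make the intent explicit, and a spec feeding an animated GIF fixture and asserting the small style's content type would lock the fix in.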
- +
diff --git a/app/javascript/mastodon/features/ui/components/report_modal.js b/app/javascript/mastodon/features/ui/components/report_modal.js index 2e41f784dd..f4f0a38842 100644 --- a/app/javascript/mastodon/features/ui/components/report_modal.js +++ b/app/javascript/mastodon/features/ui/components/report_modal.js @@ -91,7 +91,7 @@ class ReportModal extends ImmutablePureComponent { return (
- + {account.get('acct')} }} />
diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index d3dd1af602..f1f9757462 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -5297,9 +5297,10 @@ a.status-card.compact:hover { .report-modal__target { padding: 15px; - .media-modal__close { - top: 14px; - right: 15px; + .report-modal__close { + position: absolute; + top: 10px; + right: 10px; } } From 4f747d9f8355f5b226ae29b8d63bd83e3886db58 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 11 May 2021 21:16:24 +0200 Subject: [PATCH 10/11] Fix follow recommendations UI in advanced layout (#16215) --- .../mastodon/features/follow_recommendations/index.js | 2 +- app/javascript/styles/mastodon/components.scss | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/app/javascript/mastodon/features/follow_recommendations/index.js b/app/javascript/mastodon/features/follow_recommendations/index.js index a35ff3e824..26c8b24716 100644 --- a/app/javascript/mastodon/features/follow_recommendations/index.js +++ b/app/javascript/mastodon/features/follow_recommendations/index.js @@ -76,7 +76,7 @@ class FollowRecommendations extends ImmutablePureComponent { return ( -
+

diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss index f1f9757462..b0216f5aba 100644 --- a/app/javascript/styles/mastodon/components.scss +++ b/app/javascript/styles/mastodon/components.scss @@ -2508,13 +2508,20 @@ a.account__display-name { } } +.follow-recommendations-container { + display: flex; + flex-direction: column; +} + .column-actions { display: flex; - align-items: center; + align-items: start; justify-content: center; padding: 40px; padding-top: 40px; padding-bottom: 200px; + flex-grow: 1; + position: relative; &__background { position: absolute; From 70f6f2e9b70afe5af17ee9aaec777565bdef8aed Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 11 May 2021 22:21:47 +0200 Subject: [PATCH 11/11] Fix empty CW when a content-less toot with a CW is encountered twice (#16220) --- app/javascript/mastodon/actions/importer/normalizer.js | 1 + 1 file changed, 1 insertion(+) diff --git a/app/javascript/mastodon/actions/importer/normalizer.js b/app/javascript/mastodon/actions/importer/normalizer.js index abd5681d47..5002292b91 100644 --- a/app/javascript/mastodon/actions/importer/normalizer.js +++ b/app/javascript/mastodon/actions/importer/normalizer.js @@ -60,6 +60,7 @@ export function normalizeStatus(status, normalOldStatus) { normalStatus.search_index = normalOldStatus.get('search_index'); normalStatus.contentHtml = normalOldStatus.get('contentHtml'); normalStatus.spoilerHtml = normalOldStatus.get('spoilerHtml'); + normalStatus.spoiler_text = normalOldStatus.get('spoiler_text'); normalStatus.hidden = normalOldStatus.get('hidden'); } else { // If the status has a CW but no contents, treat the CW as if it were the
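Review bot: copying `spoiler_text` from `normalOldStatus` next to `spoilerHtml` closes the gap where the second encounter of a content-less CW-only status lost its raw spoiler text; the `else` branch below (context: treating the CW as if it were the content) is what rewrites these fields on first sight, so the reuse path and the rewrite path now carry the same set of keys. A comment listing which derived fields must stay in sync (`search_index`, `contentHtml`, `spoilerHtml`, `spoiler_text`, `hidden`) would stop the next one from being missed, and a normalizer test that imports the same CW-only status twice would catch it.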