Commit Graph

998 Commits (4b26e44ef4c6ac1ccbe6999477497a920e7fd400)

Author SHA1 Message Date
Claire b2515feb29 Merge commit 'cfd50f30bb5dda4dd90e1ad01f3e62c99135c36f' into glitch-soc/merge-upstream 2023-07-30 14:33:28 +02:00
Claire 7635c67450 Merge commit '144a406d332b034caa812ade2629df03ed4898d7' into glitch-soc/merge-upstream
Conflicts:
- `app/views/layouts/application.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
- `app/views/layouts/embedded.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
2023-07-30 13:42:06 +02:00
Claire f2c683336b
Bump version to v4.1.5 (#26108) 2023-07-21 21:23:14 +02:00
Renaud Chaput 42698b4c5c
Fix the crossorigin attribute (#26096) 2023-07-21 11:14:26 +02:00
Claire 9ae60f8738 Merge commit '82e477b184b5666fff7fb55933dce22ca2925db8' into glitch-soc/merge-upstream
Conflicts:
- `db/migrate/20180831171112_create_bookmarks.rb`:
  Upstream ran a lint fix on this file, but this file is different in
  glitch-soc because the feature was added much earlier.
  Ran the lint fix on our own version of the file.
2023-07-12 16:03:05 +02:00
Matt Jankowski f831452037
Refactor `Snowflake` to avoid brakeman sql injection warnings (#25879) 2023-07-12 10:44:58 +02:00
Matt Jankowski b8b2470cf8
Fix `Style/SlicingWithRange` cop (#25923) 2023-07-12 10:03:06 +02:00
Nick Schonning 1d557305d2
Enable Rubocop Style/FrozenStringLiteralComment (#23793) 2023-07-12 09:47:08 +02:00
Claire b9aa228c54 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Upstream attempted something with tags.
  Kept our version.
2023-07-07 19:59:43 +02:00
Claire 0051128387
Bump version to v4.1.4 (#25805) 2023-07-07 19:42:03 +02:00
Claire 71d44949bf
Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 18:10:00 +02:00
Claire ff7aae3037 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-06 15:16:34 +02:00
Claire 5e1752ce3f
Bump version to v4.1.3 (#25757) 2023-07-06 15:14:42 +02:00
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire 6d8e0fae3e
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire fed9cbfd2b
Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:31:37 +02:00
Claire 178e151019 Merge commit '55e7c08a83547424024bac311d5459cb82cf6dae' into glitch-soc/merge-upstream
Conflicts:
- `app/models/user_settings.rb`:
  Upstream added a constraint on a setting textually close
  to glitch-soc-only settings.
  Applied upstream's change.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for the `translate` attribute on a few elements,
  where glitch-soc had a different set of allowed elements and attributes.
  Extended glitch-soc's allowed attributes with `translate` as upstream did.
- `spec/validators/status_length_validator_spec.rb`:
  Upstream refactored to use RSpec's `instance_double` instead of `double`,
  but glitch-soc had changes to tests due to configurable max toot chars.
  Applied upstream's changes while keeping tests against configurable max
  toot chars.
2023-06-25 14:27:38 +02:00
Claire c78280a8ce
Add translate="no" to outgoing mentions and links (#25524) 2023-06-20 18:10:19 +02:00
Plastikmensch eba3411bfa
Re-allow title attribute in <abbr> (#2254)
* Re-allow title attribute in <abbr>

This was accidentally removed in 7623e18124

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add test

Add a new test to check that title attribute on <abbr> is kept.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>
2023-06-19 18:01:35 +02:00
Claire 65cbcce997 Merge commit '39110d1d0af5e3d9cf452ae47496a52797249fd0' into glitch-soc/merge-upstream 2023-06-18 10:36:14 +02:00
Matt Jankowski b5675e265e
Add coverage for `CLI::Feeds` command (#25319) 2023-06-10 18:37:36 +02:00
Matt Jankowski 07933db788
Add coverage for `CLI::Cache` command (#25238) 2023-06-10 18:36:09 +02:00
Claire c48ec9cb8c Merge commit 'b85c387c5c0527b0ad31c27031a09d361826c5fc' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/content_security_policy.rb`:
  Kept our version, it was not affected by upstream's bug.
2023-06-10 16:48:01 +02:00
Claire d8b0a732aa Merge commit '1483a3ddfe74e4fb81d87447a1781943eab86c60' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/simple_form.rb`:
  Upstream added a new simple_form component, where we had an extra one.
  Kept both components.
2023-06-10 16:22:14 +02:00
Claire aa57f7e3e2 Merge commit '5fae2de454806730742b7be7435ae1c4fb97cf3c' into glitch-soc/merge-upstream 2023-06-10 15:17:08 +02:00
Nick Schonning c66250abf1
Autofix Rubocop Regex Style rules (#23690)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 14:50:51 +02:00
Claire c22fc2fa80 Merge commit '00c222377db0e305ac3f4a15bf1c18eb89c1f45f' into glitch-soc/merge-upstream
Conflicts:
- `.rubocop_todo.yml`:
  Took upstream's changes.
2023-06-05 13:25:22 +02:00
Jed Fox 768b00c4d0
Consistently use middle dot (·) instead of bullet (•) to separate items (#25248) 2023-06-02 19:58:18 +02:00
Matt Jankowski cd4f0feab8
Extract verify options method in search cli (#25121) 2023-06-01 14:35:05 +02:00
Matt Jankowski 35c1c3e57a
Add CLI area progress bar helper (#25208) 2023-06-01 14:31:24 +02:00
Matt Jankowski dc26140d54
Use thor methods instead of tty prompt in maintenance cli (#25207) 2023-05-31 19:40:16 +02:00
Matt Jankowski 1baf40077b
Fix FormatStringToken cop in CLI (#25122) 2023-05-30 16:21:53 +02:00
Matt Jankowski 80c7de9984
Fix Rails/WhereExists cop in CLI (#25123) 2023-05-30 16:09:57 +02:00
Matt Jankowski b7b96efd17
Extract helper method for error report in cli/accounts command (#25119) 2023-05-30 16:09:15 +02:00
Matt Jankowski 2cecb2dc9e
Increment index which was previously not used in maintenance CLI loop (#25118) 2023-05-30 16:08:47 +02:00
Matt Jankowski ec9bc7e604
Consistent usage of CLI `dry_run?` method (#25116) 2023-05-30 16:07:44 +02:00
Claire 0669783da8 Merge branch 'main' into glitch-soc/merge-upstream 2023-05-28 17:01:25 +02:00
Claire 0e7466717f Merge commit '391c089d0db58d731765dba730a5e1f2fe8570a6' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  We removed it from glitch-soc.
  Keep it deleted.
2023-05-28 16:41:14 +02:00
Claire 6dbd44faea Merge commit 'b896b16cb3c8626fbee12a7eda7f882114b1a040' into glitch-soc/merge-upstream 2023-05-28 15:01:53 +02:00
Matt Jankowski 55785b1603
Extract methods for user de-duping in maintenance CLI (#25117) 2023-05-26 09:42:16 +02:00
Claire 2e02d03524 Merge commit '4a22e72b9b1b8f14792efcc649b0db8bc27f0df2' into glitch-soc/merge-upstream 2023-05-25 22:59:30 +02:00
Claire 1d588d58f1
Improve various queries against account domains (#25126) 2023-05-25 09:27:16 +02:00
Matt Jankowski 384345b0de
Add CLI Base class for command line code (#25106) 2023-05-24 11:55:40 +02:00
Matt Jankowski b6b4ea4ca5
Move the mastodon/*_cli files to mastodon/cli/* (#24139) 2023-05-23 16:08:26 +02:00
Nick Schonning 99e2e9b81f
Fix minor typos in comments and spec names (#21831) 2023-05-19 17:13:29 +02:00
Claire 1a664560cc Merge commit '6aeb162927e6f9bbfd597632a10d82d9656c2385' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  We deleted it.
  Kept it removed.
- `app/javascript/packs/public.jsx`:
  Upstream changed an import, we have slightly different ones.
  Ported upstream changes.
2023-05-09 23:12:48 +02:00
Daniel M Brasil 536dd046d4
Add ability to block sign-ups from IP using the CLI (#24870) 2023-05-09 14:46:00 +02:00
Daniel M Brasil ffb3fef7db
Fix uncaught `ActiveRecord::StatementInvalid` in Mastodon::IpBlocksCLI (#24861) 2023-05-09 14:45:47 +02:00
Claire 8b31030fe4 Fix rubocop issues in glitch-soc-specific code 2023-05-08 19:28:43 +02:00
Claire d77fbbed73 Merge commit 'f877aa9d70d0d600961989b8e97c0e0ce3ac1db6' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  Upstream made changes, but we had removed it.
  Discarded upstream changes.
- `.rubocop_todo.yml`:
  Upstream regenerated the file, we had some glitch-soc-specific ignores.
- `app/models/account_statuses_filter.rb`:
  Minor upstream code style change where glitch-soc had slightly different code
  due to handling of local-only posts.
  Updated to match upstream's code style.
- `app/models/status.rb`:
  Upstream moved ActiveRecord callback definitions, glitch-soc had an extra one.
  Moved the definitions as upstream did.
- `app/services/backup_service.rb`:
  Upstream rewrote a lot of the backup service, glitch-soc had changes because
  of exporting local-only posts.
  Took upstream changes and added back code to deal with local-only posts.
- `config/routes.rb`:
  Upstream split the file into different files, while glitch-soc had a few
  extra routes.
  Extra routes added to `config/routes/settings.rb`, `config/routes/api.rb`
  and `config/routes/admin.rb`
- `db/schema.rb`:
  Upstream has new migrations, while glitch-soc had an extra migration.
  Updated the expected serial number to match upstream's.
- `lib/mastodon/version.rb`:
  Upstream added support to set version tags from environment variables, while
  glitch-soc has an extra `+glitch` tag.
  Changed the code to support upstream's feature but prepending a `+glitch`.
- `spec/lib/activitypub/activity/create_spec.rb`:
  Minor code style change upstream, while glitch-soc has extra tests due to
  `directMessage` handling.
  Applied upstream's changes while keeping glitch-soc's extra tests.
- `spec/models/concerns/account_interactions_spec.rb`:
  Minor code style change upstream, while glitch-soc has extra tests.
  Applied upstream's changes while keeping glitch-soc's extra tests.
2023-05-08 19:28:21 +02:00