Merge pull request #1726 from ClearlyClaire/glitch-soc/merge-upstream

Merge upstream changes
main
Claire 2022-03-30 18:28:07 +02:00 committed by GitHub
commit 363773d0e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 67 additions and 22 deletions

View File

@ -13,9 +13,6 @@ on:
jobs: jobs:
build-image: build-image:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy:
matrix:
os: [linux/arm64, linux/amd64]
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- uses: docker/setup-qemu-action@v1 - uses: docker/setup-qemu-action@v1
@ -39,7 +36,7 @@ jobs:
- uses: docker/build-push-action@v2 - uses: docker/build-push-action@v2
with: with:
context: . context: .
platforms: ${{ matrix.os }} platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }} push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/mastodon:latest cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/mastodon:latest

View File

@ -3,7 +3,7 @@ Changelog
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## Unreleased ## [3.5.0] - 2022-03-30
### Added ### Added
- **Add support for incoming edited posts** ([Gargron](https://github.com/mastodon/mastodon/pull/16697), [Gargron](https://github.com/mastodon/mastodon/pull/17727), [Gargron](https://github.com/mastodon/mastodon/pull/17728), [Gargron](https://github.com/mastodon/mastodon/pull/17320), [Gargron](https://github.com/mastodon/mastodon/pull/17404), [Gargron](https://github.com/mastodon/mastodon/pull/17390), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17335), [Gargron](https://github.com/mastodon/mastodon/pull/17696), [Gargron](https://github.com/mastodon/mastodon/pull/17745), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17740), [Gargron](https://github.com/mastodon/mastodon/pull/17697), [Gargron](https://github.com/mastodon/mastodon/pull/17648), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17531), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17499), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17498), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17380), [Gargron](https://github.com/mastodon/mastodon/pull/17373), [Gargron](https://github.com/mastodon/mastodon/pull/17334), [Gargron](https://github.com/mastodon/mastodon/pull/17333), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17699), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17748)) - **Add support for incoming edited posts** ([Gargron](https://github.com/mastodon/mastodon/pull/16697), [Gargron](https://github.com/mastodon/mastodon/pull/17727), [Gargron](https://github.com/mastodon/mastodon/pull/17728), [Gargron](https://github.com/mastodon/mastodon/pull/17320), [Gargron](https://github.com/mastodon/mastodon/pull/17404), [Gargron](https://github.com/mastodon/mastodon/pull/17390), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17335), [Gargron](https://github.com/mastodon/mastodon/pull/17696), [Gargron](https://github.com/mastodon/mastodon/pull/17745), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17740), [Gargron](https://github.com/mastodon/mastodon/pull/17697), [Gargron](https://github.com/mastodon/mastodon/pull/17648), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17531), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17499), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17498), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17380), [Gargron](https://github.com/mastodon/mastodon/pull/17373), [Gargron](https://github.com/mastodon/mastodon/pull/17334), [Gargron](https://github.com/mastodon/mastodon/pull/17333), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17699), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/17748))
@ -197,6 +197,11 @@ All notable changes to this project will be documented in this file.
- Fix hashtag autocomplete overriding user-typed case ([weex](https://github.com/mastodon/mastodon/pull/16460)) - Fix hashtag autocomplete overriding user-typed case ([weex](https://github.com/mastodon/mastodon/pull/16460))
- Fix WebAuthn authentication setup to not prompt for PIN ([truongnmt](https://github.com/mastodon/mastodon/pull/16545)) - Fix WebAuthn authentication setup to not prompt for PIN ([truongnmt](https://github.com/mastodon/mastodon/pull/16545))
### Security
- Fix being able to post URLs longer than 4096 characters ([Gargron](https://github.com/mastodon/mastodon/pull/17908))
- Fix being able to bypass e-mail restrictions ([Gargron](https://github.com/mastodon/mastodon/pull/17909))
## [3.4.6] - 2022-02-03 ## [3.4.6] - 2022-02-03
### Fixed ### Fixed

View File

@ -1,6 +1,8 @@
# frozen_string_literal: true # frozen_string_literal: true
module Extractor module Extractor
MAX_DOMAIN_LENGTH = 253
extend Twitter::TwitterText::Extractor extend Twitter::TwitterText::Extractor
module_function module_function
@ -30,6 +32,10 @@ module Extractor
after = $' after = $'
unless Twitter::TwitterText::Regex[:end_mention_match].match?(after) unless Twitter::TwitterText::Regex[:end_mention_match].match?(after)
_, domain = screen_name.split('@')
next if domain.present? && domain.length > MAX_DOMAIN_LENGTH
start_position = match_data.char_begin(1) - 1 start_position = match_data.char_begin(1) - 1
end_position = match_data.char_end(1) end_position = match_data.char_end(1)

View File

@ -91,11 +91,11 @@ class User < ApplicationRecord
validates :invite_request, presence: true, on: :create, if: :invite_text_required? validates :invite_request, presence: true, on: :create, if: :invite_text_required?
validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale? validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
validates_with BlacklistedEmailValidator, on: :create validates_with BlacklistedEmailValidator, if: -> { !confirmed? }
validates_with EmailMxValidator, if: :validate_email_dns? validates_with EmailMxValidator, if: :validate_email_dns?
validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
# Those are honeypot/antispam fields # Honeypot/anti-spam fields
attr_accessor :registration_form_time, :website, :confirm_password attr_accessor :registration_form_time, :website, :confirm_password
validates_with RegistrationFormTimeValidator, on: :create validates_with RegistrationFormTimeValidator, on: :create

View File

@ -3,35 +3,57 @@
class StatusLengthValidator < ActiveModel::Validator class StatusLengthValidator < ActiveModel::Validator
MAX_CHARS = (ENV['MAX_TOOT_CHARS'] || 500).to_i MAX_CHARS = (ENV['MAX_TOOT_CHARS'] || 500).to_i
URL_PLACEHOLDER_CHARS = 23 URL_PLACEHOLDER_CHARS = 23
URL_PLACEHOLDER = "\1#{'x' * URL_PLACEHOLDER_CHARS}" URL_PLACEHOLDER = 'x' * 23
def validate(status) def validate(status)
return unless status.local? && !status.reblog? return unless status.local? && !status.reblog?
@status = status status.errors.add(:text, I18n.t('statuses.over_character_limit', max: MAX_CHARS)) if too_long?(status)
status.errors.add(:text, I18n.t('statuses.over_character_limit', max: MAX_CHARS)) if too_long?
end end
private private
def too_long? def too_long?(status)
countable_length > MAX_CHARS countable_length(combined_text(status)) > MAX_CHARS
end end
def countable_length def countable_length(str)
total_text.mb_chars.grapheme_length str.mb_chars.grapheme_length
end end
def total_text def combined_text(status)
[@status.spoiler_text, countable_text].join [status.spoiler_text, countable_text(status.text)].join
end end
def countable_text def countable_text(str)
return '' if @status.text.nil? return '' if str.blank?
@status.text.dup.tap do |new_text| # To ensure that we only give length concessions to entities that
new_text.gsub!(FetchLinkCardService::URL_PATTERN, URL_PLACEHOLDER) # will be correctly parsed during formatting, we go through full
new_text.gsub!(Account::MENTION_RE, '@\2') # entity extraction
entities = Extractor.remove_overlapping_entities(Extractor.extract_urls_with_indices(str, extract_url_without_protocol: false) + Extractor.extract_mentions_or_lists_with_indices(str))
rewrite_entities(str, entities) do |entity|
if entity[:url]
URL_PLACEHOLDER
elsif entity[:screen_name]
"@#{entity[:screen_name].split('@').first}"
end
end end
end end
def rewrite_entities(str, entities)
entities.sort_by! { |entity| entity[:indices].first }
result = ''.dup
last_index = entities.reduce(0) do |index, entity|
result << str[index...entity[:indices].first]
result << yield(entity)
entity[:indices].last
end
result << str[last_index..-1]
result
end
end end

View File

@ -17,7 +17,7 @@ module Mastodon
end end
def flags def flags
'rc3' ''
end end
def suffix def suffix

View File

@ -55,6 +55,13 @@ describe StatusLengthValidator do
expect(status.errors).to have_received(:add) expect(status.errors).to have_received(:add)
end end
it 'does not count overly long URLs as 23 characters flat' do
text = "http://example.com/valid?#{'#foo?' * 1000}"
status = double(spoiler_text: '', text: text, errors: double(add: nil), local?: true, reblog?: false)
subject.validate(status)
expect(status.errors).to have_received(:add)
end
it 'counts only the front part of remote usernames' do it 'counts only the front part of remote usernames' do
username = '@alice' username = '@alice'
chars = StatusLengthValidator::MAX_CHARS - 1 - username.length chars = StatusLengthValidator::MAX_CHARS - 1 - username.length
@ -64,5 +71,13 @@ describe StatusLengthValidator do
subject.validate(status) subject.validate(status)
expect(status.errors).to_not have_received(:add) expect(status.errors).to_not have_received(:add)
end end
it 'does count both parts of remote usernames for overly long domains' do
text = "@alice@#{'b' * 500}.com"
status = double(spoiler_text: '', text: text, errors: double(add: nil), local?: true, reblog?: false)
subject.validate(status)
expect(status.errors).to have_received(:add)
end
end end
end end