treehouse
/
mastodon
20
8
Fork 5
Code Issues 32 Pull Requests Projects 1 Releases Wiki Activity
18,602 Commits
12 Branches
15 Tags
760 MiB
Commit Graph

2220 Commits (0cf9fcd5e9f197607fd4dfe5ded57ff8248716ff)

Author SHA1 Message Date
kouhai dev 234f7cc84e th: Merge remote-tracking branch 'glitch/main' 
fixes: CVE-2023-36459
fixes: CVE-2023-36460
fixes: CVE-2023-36461
fixes: CVE-2023-36462
fixes: GHSA-55j9-c3mp-6fcq
fixes: GHSA-9928-3cp5-93fm
fixes: GHSA-9pxv-6qvf-pjwc
fixes: GHSA-ccm4-vgcc-73hp
 2023-07-06 12:12:21 -07:00
Claire 3581e4be49 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-06 15:16:34 +02:00
Claire 3445bdfa45 Merge pull request from GHSA-9928-3cp5-93fm 
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
 2023-07-06 15:05:05 +02:00
Claire 784f2f35bc Merge branch 'main' into glitch-soc/merge-upstream 2023-07-05 12:01:26 +02:00
kouhai dev fa0f31a8fb th: merge glitch again (lol) 2023-07-05 01:14:10 -07:00
kouhai dev 280cf13f59 th: add invite limits behind TH_USE_INVITE_QUOTA 
TH_USE_INVITE_QUOTA: feature flag
TH_INVITE_MAX_USES: max uses per invite for non-moderators
TH_ACTIVE_INVITE_SLOT_QUOTA: max slots in active invites, including consumed slots
 2023-07-05 00:20:28 -07:00
Daniel M Brasil 2b877ad937 Fix `/api/v2/search` not working with following query param (#25681) 2023-07-03 18:06:57 +02:00
Claire 0a6bc158bd Merge branch 'main' into glitch-soc/merge-upstream 2023-07-02 11:49:08 +02:00
Daniel M Brasil 2f17abc686 Fix HTTP 500 in `/api/v1/emails/check_confirmation` (#25595) 2023-07-02 00:05:44 +02:00
Matt Jankowski 843448c7d9 Fix rails `rewhere` deprecation warning in directories api controller (#25625) 2023-07-01 21:48:16 +02:00
Claire 85dc0869a5 Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-06-29 14:48:54 +02:00
jsgoldstein 5d75bf9846 Change account search to match by text when opted-in (#25599) 
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
 2023-06-29 13:05:21 +02:00
Claire ea57f8e3af Merge branch 'main' into glitch-soc/merge-upstream 2023-06-27 13:15:41 +02:00
Claire 92fbaae7b6 Fix suspending an already-limited domain (#25603) 2023-06-27 12:32:51 +02:00
Claire b7af3115a7 Merge commit '3d50947e62272e3da4365e0b751e4e45c1d9bac6' into glitch-soc/merge-upstream 
Conflicts:
- `app/models/user_settings.rb`:
  Upstream added a constraint on a setting textually close
  to glitch-soc-only settings.
  Applied upstream's change.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for the `translate` attribute on a few elements,
  where glitch-soc had a different set of allowed elements and attributes.
  Extended glitch-soc's allowed attributes with `translate` as upstream did.
- `spec/validators/status_length_validator_spec.rb`:
  Upstream refactored to use RSpec's `instance_double` instead of `double`,
  but glitch-soc had changes to tests due to configurable max toot chars.
  Applied upstream's changes while keeping tests against configurable max
  toot chars.
 2023-06-25 14:27:38 +02:00
Claire d0144d2be3 Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-06-22 14:56:14 +02:00
Matt Jankowski 011006c01b Fix `RSpec/VerifiedDoubles` cop (#25469) 2023-06-22 14:55:22 +02:00
Matt Jankowski a62df37800 Reduce `Admin::Reports::Actions` spec db activity (#25465) 2023-06-22 14:53:13 +02:00
Claire c1c87fe7b9 Add finer permission requirements for managing webhooks (#25463) 2023-06-22 14:52:25 +02:00
Matt Jankowski bb928d2f12 Speed-up on `StatusesController` spec (#25549) 2023-06-22 14:51:53 +02:00
Matt Jankowski 397f0cd5e3 Speed-up on `BackupService` spec (#25527) 2023-06-22 11:53:28 +02:00
Daniel M Brasil 33f3a9c5f5 Migrate to request specs in `/api/v1/suggestions` (#25540) 2023-06-22 11:49:35 +02:00
Claire 4e0718dbf5 Add per-test timeouts to AutoStatusesCleanupScheduler tests (#24841) 2023-06-20 18:54:05 +02:00
Claire 5e5af7a0fe Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-06-20 18:32:26 +02:00
Daniel M Brasil 88cdb02d89 Migrate to request specs in `/api/v1/admin/account_actions` (#25514) 2023-06-20 18:16:48 +02:00
Claire 923dde8e6c Fix wrong view being displayed when a webhook fails validation (#25464) 2023-06-20 18:15:35 +02:00
Claire 4e861795a4 Add translate="no" to outgoing mentions and links (#25524) 2023-06-20 18:10:19 +02:00
Plastikmensch 02ff7c5f3d Re-allow title attribute in <abbr> (#2254) 
* Re-allow title attribute in <abbr>

This was accidentally removed in a6363c3a2a

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add test

Add a new test to check that title attribute on <abbr> is kept.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>
 2023-06-19 18:01:35 +02:00
Claire ecf17008e8 Fix user settings not getting validated (#25508) 2023-06-19 14:06:06 +01:00
Matt Jankowski d05a68a12e Reduce `sleep` time in request pool spec (#25470) 2023-06-19 13:48:25 +02:00
Matt Jankowski ed134709aa Add coverage for `UserMailer` methods (#25484) 2023-06-19 09:50:35 +02:00
Matt Jankowski 72542ce967 Combine assertions in api/v1/notifications spec (#25486) 2023-06-19 09:05:42 +02:00
Daniel M Brasil 498e3231b6 Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477) 2023-06-19 08:53:05 +02:00
Daniel M Brasil a27a33ebde Migrate to request specs in `/api/v1/tags` (#25439) 2023-06-19 08:51:40 +02:00
Claire 05adb637b7 Fix glitch-soc-only test being broken by refactor of the surrounding tests 2023-06-18 13:59:47 +02:00
Claire 7066e3d5ce Merge commit '2d058a8499fba7ba97bd3c10a40412f0bbacf1e7' into glitch-soc/merge-upstream 
Conflicts:
- `app/views/settings/profiles/show.html.haml`:
  Upstream redesigned the settings page, where glitch-soc had changes because of
  the ability to set some custom limits.
  Went with upstream's design while keeping our custom limits.
- `yarn.lock`:
  Upstream updated dependencies textually close to a glitch-soc-only dependency.
  Updated the dependnencies as well.
 2023-06-18 13:41:33 +02:00
Claire f101b67a45 Merge commit '239ee4f5d10aaa30b52cc59a58b2dc33fea5615f' into glitch-soc/merge-upstream 2023-06-18 10:36:14 +02:00
Matt Jankowski 2bd353cdf5 Remove Ruby GC config from spec helper (#25455) 2023-06-15 22:14:46 +01:00
Daniel M Brasil dc9352a450 Migrate to request specs in `/api/v1/lists` (#25443) 2023-06-15 10:19:51 +02:00
Matt Jankowski eb1f69c2d4 Update rubocop-rspec to version 2.22.0, fix `RSpec/IndexedLet` cop (#24698) 2023-06-14 16:44:37 +02:00
Daniel M Brasil 507a7e785a Migrate to request specs in `/api/v1/domain_blocks` (#25414) 2023-06-14 16:08:53 +02:00
Daniel M Brasil 895e157b4d Migrate to request specs in `/api/v1/follow_requests` (#25411) 2023-06-14 15:43:50 +02:00
Daniel M Brasil 4a994e5b50 Fix `ArgumentError` in `/api/v1/admin/accounts/:id/action` (#25386) 2023-06-14 15:21:36 +02:00
Matt Jankowski b47741bb29 Reduce factory data created in spec/models/trends/statuses spec (#25410) 2023-06-14 09:57:06 +02:00
Matt Jankowski 8c7da82c64 Speed improvement for `AccountsStatusesCleanupScheduler` spec (#25406) 2023-06-14 09:56:11 +02:00
Daniel M Brasil 943c99f780 Migrate to request specs in `/api/v1/apps/verify_credentials` (#25404) 2023-06-14 09:48:57 +02:00
Daniel M Brasil 51fdaefad4 Migrate to request specs in `/api/v1/apps` (#25401) 2023-06-14 09:48:48 +02:00
Matt Jankowski bc7346ab9c Extract shared examples from api specs (#25387) 2023-06-14 09:34:01 +02:00
Claire a424076226 Fix ArgumentError when loading newer Private Mentions (#25399) 2023-06-14 08:54:52 +02:00
Matt Jankowski 6273d4f5ee Remove unused shared examples for scoped settings (#25389) 2023-06-13 14:59:04 +02:00