Commit Graph

998 Commits (1039fce896ff46d5d430d261e4d063f61e5a3ef9)

Author SHA1 Message Date
Claire 1039fce896 Merge commit '5a5d8a97579bf2da481871588425734678019f52' into glitch-soc/merge-upstream 2023-07-30 14:33:28 +02:00
Claire db809f8789 Merge commit 'f3127af389f6043fe19c9ef4addefb6c6da0095a' into glitch-soc/merge-upstream
Conflicts:
- `app/views/layouts/application.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
- `app/views/layouts/embedded.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
2023-07-30 13:42:06 +02:00
Claire 21ce598a57 Bump version to v4.1.5 (#26108) 2023-07-21 21:23:14 +02:00
Renaud Chaput f31a9bd78e Fix the crossorigin attribute (#26096) 2023-07-21 11:14:26 +02:00
Claire 1399e9d863 Merge commit '6ee7c03b282663700b2e3f2f83b57b163aac2a35' into glitch-soc/merge-upstream
Conflicts:
- `db/migrate/20180831171112_create_bookmarks.rb`:
  Upstream ran a lint fix on this file, but this file is different in
  glitch-soc because the feature was added much earlier.
  Ran the lint fix on our own version of the file.
2023-07-12 16:03:05 +02:00
Matt Jankowski 034a6a0dd4 Refactor `Snowflake` to avoid brakeman sql injection warnings (#25879) 2023-07-12 10:44:58 +02:00
Matt Jankowski d98717ceef Fix `Style/SlicingWithRange` cop (#25923) 2023-07-12 10:03:06 +02:00
Nick Schonning 96a8aa32ad Enable Rubocop Style/FrozenStringLiteralComment (#23793) 2023-07-12 09:47:08 +02:00
Claire 9ba89aeeb5 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Upstream attempted something with tags.
  Kept our version.
2023-07-07 19:59:43 +02:00
Claire 784f7fb497 Bump version to v4.1.4 (#25805) 2023-07-07 19:42:03 +02:00
Claire d979d9fe49 Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 18:10:00 +02:00
Claire 3581e4be49 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-06 15:16:34 +02:00
Claire 8f62bea002 Bump version to v4.1.3 (#25757) 2023-07-06 15:14:42 +02:00
Claire 3445bdfa45 Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire 96dcfa9745 Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire 5154acdb9f Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:31:37 +02:00
Claire b7af3115a7 Merge commit '3d50947e62272e3da4365e0b751e4e45c1d9bac6' into glitch-soc/merge-upstream
Conflicts:
- `app/models/user_settings.rb`:
  Upstream added a constraint on a setting textually close
  to glitch-soc-only settings.
  Applied upstream's change.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for the `translate` attribute on a few elements,
  where glitch-soc had a different set of allowed elements and attributes.
  Extended glitch-soc's allowed attributes with `translate` as upstream did.
- `spec/validators/status_length_validator_spec.rb`:
  Upstream refactored to use RSpec's `instance_double` instead of `double`,
  but glitch-soc had changes to tests due to configurable max toot chars.
  Applied upstream's changes while keeping tests against configurable max
  toot chars.
2023-06-25 14:27:38 +02:00
Claire 4e861795a4 Add translate="no" to outgoing mentions and links (#25524) 2023-06-20 18:10:19 +02:00
Plastikmensch 02ff7c5f3d Re-allow title attribute in <abbr> (#2254)
* Re-allow title attribute in <abbr>

This was accidentally removed in a6363c3a2a

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add test

Add a new test to check that title attribute on <abbr> is kept.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>
2023-06-19 18:01:35 +02:00
Claire f101b67a45 Merge commit '239ee4f5d10aaa30b52cc59a58b2dc33fea5615f' into glitch-soc/merge-upstream 2023-06-18 10:36:14 +02:00
Matt Jankowski 61a9504522 Add coverage for `CLI::Feeds` command (#25319) 2023-06-10 18:37:36 +02:00
Matt Jankowski 4d21dbfa23 Add coverage for `CLI::Cache` command (#25238) 2023-06-10 18:36:09 +02:00
Claire ee1de4206a Merge commit '68d362c0fc4d41cc97e981640bef41dea6f9f79d' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/content_security_policy.rb`:
  Kept our version, it was not affected by upstream's bug.
2023-06-10 16:48:01 +02:00
Claire 085a1197da Merge commit '21f904b344e57f68dd86b91d7228bdae37e75624' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/simple_form.rb`:
  Upstream added a new simple_form component, where we had an extra one.
  Kept both components.
2023-06-10 16:22:14 +02:00
Claire e6b6a0535e Merge commit 'a82f0363091618ddd94c76bdd36bf05f74428eee' into glitch-soc/merge-upstream 2023-06-10 15:17:08 +02:00
Nick Schonning ef344388c5 Autofix Rubocop Regex Style rules (#23690)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 14:50:51 +02:00
Claire bda5be1406 Merge commit '68296cfb32f6ab7baf5c8400b2bdb261d6aa3694' into glitch-soc/merge-upstream
Conflicts:
- `.rubocop_todo.yml`:
  Took upstream's changes.
2023-06-05 13:25:22 +02:00
Jed Fox e24a587f84 Consistently use middle dot (·) instead of bullet (•) to separate items (#25248) 2023-06-02 19:58:18 +02:00
Matt Jankowski a32c2b694f Extract verify options method in search cli (#25121) 2023-06-01 14:35:05 +02:00
Matt Jankowski 13dffb206b Add CLI area progress bar helper (#25208) 2023-06-01 14:31:24 +02:00
Matt Jankowski d59a2b5b8e Use thor methods instead of tty prompt in maintenance cli (#25207) 2023-05-31 19:40:16 +02:00
Matt Jankowski 8cb57d28a6 Fix FormatStringToken cop in CLI (#25122) 2023-05-30 16:21:53 +02:00
Matt Jankowski 87ff2507fc Fix Rails/WhereExists cop in CLI (#25123) 2023-05-30 16:09:57 +02:00
Matt Jankowski dccd813e6c Extract helper method for error report in cli/accounts command (#25119) 2023-05-30 16:09:15 +02:00
Matt Jankowski 35e1c074e3 Increment index which was previously not used in maintenance CLI loop (#25118) 2023-05-30 16:08:47 +02:00
Matt Jankowski 9ee55e469c Consistent usage of CLI `dry_run?` method (#25116) 2023-05-30 16:07:44 +02:00
Claire 53b8a15ee9 Merge branch 'main' into glitch-soc/merge-upstream 2023-05-28 17:01:25 +02:00
Claire 973743ff50 Merge commit 'b6c687abc288b3ea7fe16bf38912462c2ca1b4e4' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  We removed it from glitch-soc.
  Keep it deleted.
2023-05-28 16:41:14 +02:00
Claire 006bc485e4 Merge commit '3e747f08639a78ac86858f6a2d2fc08a05ff3365' into glitch-soc/merge-upstream 2023-05-28 15:01:53 +02:00
Matt Jankowski 95b54f5ad7 Extract methods for user de-duping in maintenance CLI (#25117) 2023-05-26 09:42:16 +02:00
Claire ee6f9d2c92 Merge commit 'cc5d2e22dd4b7afb9035cf999979e3cd36d97e46' into glitch-soc/merge-upstream 2023-05-25 22:59:30 +02:00
Claire 245a4eac89 Improve various queries against account domains (#25126) 2023-05-25 09:27:16 +02:00
Matt Jankowski f97a429d20 Add CLI Base class for command line code (#25106) 2023-05-24 11:55:40 +02:00
Matt Jankowski eada85f715 Move the mastodon/*_cli files to mastodon/cli/* (#24139) 2023-05-23 16:08:26 +02:00
Nick Schonning c4f2b1e86a Fix minor typos in comments and spec names (#21831) 2023-05-19 17:13:29 +02:00
Claire 7f078e41c0 Merge commit 'd67de22458e599447c0d5c85ecbd6fb5aef9b4f4' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  We deleted it.
  Kept it removed.
- `app/javascript/packs/public.jsx`:
  Upstream changed an import, we have slightly different ones.
  Ported upstream changes.
2023-05-09 23:12:48 +02:00
Daniel M Brasil f7b92ed93d Add ability to block sign-ups from IP using the CLI (#24870) 2023-05-09 14:46:00 +02:00
Daniel M Brasil 1b1b940202 Fix uncaught `ActiveRecord::StatementInvalid` in Mastodon::IpBlocksCLI (#24861) 2023-05-09 14:45:47 +02:00
Claire da25a0bd04 Fix rubocop issues in glitch-soc-specific code 2023-05-08 19:28:43 +02:00
Claire 348aed03cf Merge commit '0d919f27beb6e4e7a562a6eed8f354415b5c217e' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  Upstream made changes, but we had removed it.
  Discarded upstream changes.
- `.rubocop_todo.yml`:
  Upstream regenerated the file, we had some glitch-soc-specific ignores.
- `app/models/account_statuses_filter.rb`:
  Minor upstream code style change where glitch-soc had slightly different code
  due to handling of local-only posts.
  Updated to match upstream's code style.
- `app/models/status.rb`:
  Upstream moved ActiveRecord callback definitions, glitch-soc had an extra one.
  Moved the definitions as upstream did.
- `app/services/backup_service.rb`:
  Upstream rewrote a lot of the backup service, glitch-soc had changes because
  of exporting local-only posts.
  Took upstream changes and added back code to deal with local-only posts.
- `config/routes.rb`:
  Upstream split the file into different files, while glitch-soc had a few
  extra routes.
  Extra routes added to `config/routes/settings.rb`, `config/routes/api.rb`
  and `config/routes/admin.rb`
- `db/schema.rb`:
  Upstream has new migrations, while glitch-soc had an extra migration.
  Updated the expected serial number to match upstream's.
- `lib/mastodon/version.rb`:
  Upstream added support to set version tags from environment variables, while
  glitch-soc has an extra `+glitch` tag.
  Changed the code to support upstream's feature but prepending a `+glitch`.
- `spec/lib/activitypub/activity/create_spec.rb`:
  Minor code style change upstream, while glitch-soc has extra tests due to
  `directMessage` handling.
  Applied upstream's changes while keeping glitch-soc's extra tests.
- `spec/models/concerns/account_interactions_spec.rb`:
  Minor code style change upstream, while glitch-soc has extra tests.
  Applied upstream's changes while keeping glitch-soc's extra tests.
2023-05-08 19:28:21 +02:00