Commit Graph

3149 Commits (e8b0b5d83e15b63307dc59a791bffb0bad53d0e2)

Author SHA1 Message Date
kouhai dev f26d104e75 th: Merge remote-tracking branch 'glitch/main'
ci/woodpecker/push/woodpecker Pipeline was successful Details
ci/woodpecker/pr/woodpecker Pipeline was successful Details
fixes: CVE-2023-36459
fixes: CVE-2023-36460
fixes: CVE-2023-36461
fixes: CVE-2023-36462
fixes: GHSA-55j9-c3mp-6fcq
fixes: GHSA-9928-3cp5-93fm
fixes: GHSA-9pxv-6qvf-pjwc
fixes: GHSA-ccm4-vgcc-73hp
2023-07-06 12:12:21 -07:00
Claire ff7aae3037 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-06 15:16:34 +02:00
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire 5de49e74d4 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-05 12:01:26 +02:00
kouhai dev 961ac9e493 th: merge glitch again (lol)
ci/woodpecker/push/woodpecker Pipeline was successful Details
2023-07-05 01:14:10 -07:00
Eugen Rochko 54a10523e2
Change labels of live feeds tabs in web UI (#25683) 2023-07-03 22:57:18 +02:00
Claire 44e98a2740 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-02 11:49:08 +02:00
Eugen Rochko ba06a2f104
Revert "Rails 7 update" (#25667) 2023-07-02 11:14:22 +02:00
Matt Jankowski 50c2a03695
Rails 7 update (#24241) 2023-07-02 10:38:53 +02:00
Matt Jankowski f8bd581126
Remove unused routes (#25578) 2023-07-01 21:48:53 +02:00
Claire 178e151019 Merge commit '55e7c08a83547424024bac311d5459cb82cf6dae' into glitch-soc/merge-upstream
Conflicts:
- `app/models/user_settings.rb`:
  Upstream added a constraint on a setting textually close
  to glitch-soc-only settings.
  Applied upstream's change.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for the `translate` attribute on a few elements,
  where glitch-soc had a different set of allowed elements and attributes.
  Extended glitch-soc's allowed attributes with `translate` as upstream did.
- `spec/validators/status_length_validator_spec.rb`:
  Upstream refactored to use RSpec's `instance_double` instead of `double`,
  but glitch-soc had changes to tests due to configurable max toot chars.
  Applied upstream's changes while keeping tests against configurable max
  toot chars.
2023-06-25 14:27:38 +02:00
Claire 1d622c8033
Add POST /api/v1/conversations/:id/unread (#25509) 2023-06-22 18:46:43 +02:00
Matt Jankowski c9cd634184
Use default `bootsnap/setup` in boot.rb (#25502) 2023-06-22 18:46:32 +02:00
Claire 602c458ab6
Add finer permission requirements for managing webhooks (#25463) 2023-06-22 14:52:25 +02:00
Claire 6c99479ef4 Merge commit '9e245d147bcb2c72cc552ff8c276a1c34e2f686d' into glitch-soc/merge-upstream
Conflicts:
- `app/views/settings/profiles/show.html.haml`:
  Upstream redesigned the settings page, where glitch-soc had changes because of
  the ability to set some custom limits.
  Went with upstream's design while keeping our custom limits.
- `yarn.lock`:
  Upstream updated dependencies textually close to a glitch-soc-only dependency.
  Updated the dependnencies as well.
2023-06-18 13:41:33 +02:00
Claire 65cbcce997 Merge commit '39110d1d0af5e3d9cf452ae47496a52797249fd0' into glitch-soc/merge-upstream 2023-06-18 10:36:14 +02:00
Eugen Rochko bca649ba79
Change edit profile page (#25413) 2023-06-14 04:38:07 +02:00
Eugen Rochko 39110d1d0a
Fix CAPTCHA page not following design pattern of sign-up flow (#25395) 2023-06-13 22:30:40 +02:00
Eugen Rochko 6637ef7852
Add unsubscribe link to e-mails (#25378) 2023-06-12 14:22:46 +02:00
Eugen Rochko 432a5d2d4b
Change "bot" label to "automated" (#25356) 2023-06-11 04:47:07 +02:00
Claire 42a0898f16 Merge commit '3a2a15c6ea4d4603469861ed9be09da12a122e45' into glitch-soc/merge-upstream
Conflicts:
- `app/views/settings/preferences/appearance/show.html.haml`:
  Conflict because glitch-soc does not have a theme selector here.
2023-06-10 18:42:29 +02:00
Claire 34efd1a24c Switch to using a `common` runtime chunk rather than `locales` 2023-06-10 17:43:13 +02:00
Claire c48ec9cb8c Merge commit 'b85c387c5c0527b0ad31c27031a09d361826c5fc' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/content_security_policy.rb`:
  Kept our version, it was not affected by upstream's bug.
2023-06-10 16:48:01 +02:00
Claire d8b0a732aa Merge commit '1483a3ddfe74e4fb81d87447a1781943eab86c60' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/simple_form.rb`:
  Upstream added a new simple_form component, where we had an extra one.
  Kept both components.
2023-06-10 16:22:14 +02:00
Claire aa57f7e3e2 Merge commit '5fae2de454806730742b7be7435ae1c4fb97cf3c' into glitch-soc/merge-upstream 2023-06-10 15:17:08 +02:00
Claire b27a9a5903 Merge commit 'e9385e93e9b4601c87d1f5d6b8ddfd815f7aedcb' into glitch-soc/merge-upstream 2023-06-10 15:09:19 +02:00
Claire 85722a918d Merge commit '44cd88adc4e2f4028dcc2b08b98368f0dc90cee4' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  Updated upstream, but we've deleted it.
  Keep it deleted.
- `app/javascript/mastodon/locales/index.js`:
  Reworked upstream, but the code was mostly in
  `app/javascript/locales/index.js` in glitch-soc.
  Updated that file accordingly.
- `app/javascript/packs/public.jsx`:
  Not a real conflict, but different imports in
  glitch-soc and upstream.
- `app/views/layouts/application.html.haml`:
  Conflict due to locales loading and theme system
  discrepancies.
  Updated in our own way.
- `app/views/layouts/embedded.html.haml`:
  Conflict due to locales loading and theme system
  discrepancies.
  Updated in our own way.
- `config/webpack/generateLocalePacks.js`:
  Deleted upstream, as upstream now directly loads the
  JSON at runtime.
  Deleted as well, will switch to runtime loading in
  an upcoming commit.
- `config/webpack/shared.js`:
  Not a real conflict, but different imports in
  glitch-soc and upstream.
- `config/webpack/translationRunner.js`:
  Mostly deleted upstream, to be replaced with `formatjs-formatter.js`
  instead.
  Moved the glitch-soc logic there and deleted the file.
2023-06-10 12:38:33 +02:00
Eugen Rochko 4c9406bdb0
Add time zone preference (#25342) 2023-06-10 03:29:37 +02:00
Claire f378f10404
Fix compatibility of recent migration with PostgreSQL 10 (#25324) 2023-06-07 01:53:50 +02:00
Nick Schonning c66250abf1
Autofix Rubocop Regex Style rules (#23690)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 14:50:51 +02:00
Eugen Rochko 4eda233e09
Add webhook templating (#23289)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 10:42:47 +02:00
Claire e428670e61
Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) 2023-06-05 17:35:05 +02:00
Matt Jankowski e49819142f
Remove unmaintained `nsa` gem (#25265) 2023-06-05 01:57:05 +02:00
Nick Schonning aea67d448b
Cleanup old translationRunner (#25241) 2023-06-02 20:01:36 +02:00
Claire 0766c9a631
Add card with who invited you to join when displaying rules on sign-up (#23475) 2023-06-02 18:35:37 +02:00
Claire 94329f28e1
Change wording of “Content cache retention period” setting to highlight destructive implications (#23261) 2023-06-02 18:09:08 +02:00
Renaud Chaput 942d850b0a
Allow carets in URL search params (#25216) 2023-06-01 12:14:49 +02:00
Claire e9385e93e9
Add a confirmation screen when suspending a domain (#25144) 2023-06-01 09:37:38 +02:00
Renaud Chaput 44cd88adc4
Upgrade react-intl (#24906) 2023-05-31 23:43:39 +02:00
Claire 1cd7f5ff17 Merge commit 'd27216dc4616d80659c0cc5d2a55394e0e1ae874' into glitch-soc/merge-upstream
Conflicts:
- `.eslintrc.js`:
  Upstream moved a configuration block in which we had added a glitch-only
  path.
  Moved the configuration block as upstream did.
- other files:
  Upstream reordered imports, and those files had different ones.
  Kept our version and reordered imports using the same rules.
2023-05-28 15:54:31 +02:00
Claire 2e02d03524 Merge commit '4a22e72b9b1b8f14792efcc649b0db8bc27f0df2' into glitch-soc/merge-upstream 2023-05-25 22:59:30 +02:00
Claire ad1098970b Merge commit 'bec6a1cad4c509c53deb378c7ba984ba7e2de5a9' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/auth/confirmations_controller.rb`:
  Upstream merged our captcha code, but there are some
  conflicts due to glitch-soc's theming system.
- `app/views/admin/settings/registrations/show.html.haml`:
  Upstream merged our captcha code, but there are some
  conflicts due to glitch-soc's theming system.

Additional changes:
- `Gemfile`:
  Upstream added hcaptcha dependency in another place in the file.
- `config/settings.yml`:
  Upstream added the `captcha_enabled` setting in another place in the file.
2023-05-25 22:49:18 +02:00
Claire f959f6cdbb Merge commit 'e60414792d86a99c0f401f3c1bab92ee37835d39' into glitch-soc/merge-upstream 2023-05-25 22:18:55 +02:00
Claire b735954971 Merge commit '2ce0b666a139726dc406e6c1887728553b947e59' into glitch-soc/merge-upstream
Conflicts:
- `config/webpack/generateLocalePacks.js`:
  A dependency update changed how functions are imported.
  Also, some linting fixes not applicable to glitch-soc.
2023-05-25 20:43:25 +02:00
Claire 646cde71d1
Change captcha to be presented even for invited users (#2227) 2023-05-25 20:13:18 +02:00
Renaud Chaput d27216dc46
Enforce import order with ESLint (#25096) 2023-05-23 17:15:17 +02:00
Nick Schonning c0b9664a31
Autofix Rubocop spacing in config (#25022) 2023-05-22 13:17:56 +02:00
kouhai dev 2408f1046f Merge remote-tracking branch 'glitch/main' 2023-05-22 00:10:53 -07:00
Claire 5cd55d8aaf
Fix being able to vote on your own polls (#25015) 2023-05-17 00:08:42 +02:00
Claire bec6a1cad4
Add hCaptcha support (#25019) 2023-05-16 23:27:35 +02:00