Commit Graph

2220 Commits (f26d104e75f4832c804d1b51729f1a0355419ab4)

Author SHA1 Message Date
kouhai dev f26d104e75 th: Merge remote-tracking branch 'glitch/main'
ci/woodpecker/push/woodpecker Pipeline was successful Details
ci/woodpecker/pr/woodpecker Pipeline was successful Details
fixes: CVE-2023-36459
fixes: CVE-2023-36460
fixes: CVE-2023-36461
fixes: CVE-2023-36462
fixes: GHSA-55j9-c3mp-6fcq
fixes: GHSA-9928-3cp5-93fm
fixes: GHSA-9pxv-6qvf-pjwc
fixes: GHSA-ccm4-vgcc-73hp
2023-07-06 12:12:21 -07:00
Claire ff7aae3037 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-06 15:16:34 +02:00
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire 5de49e74d4 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-05 12:01:26 +02:00
kouhai dev 961ac9e493 th: merge glitch again (lol)
ci/woodpecker/push/woodpecker Pipeline was successful Details
2023-07-05 01:14:10 -07:00
kouhai dev 0c68cb08f5 th: add invite limits behind TH_USE_INVITE_QUOTA
ci/woodpecker/push/woodpecker Pipeline was successful Details
TH_USE_INVITE_QUOTA: feature flag
TH_INVITE_MAX_USES: max uses per invite for non-moderators
TH_ACTIVE_INVITE_SLOT_QUOTA: max slots in active invites, including consumed slots
2023-07-05 00:20:28 -07:00
Daniel M Brasil 383c00819c
Fix `/api/v2/search` not working with following query param (#25681) 2023-07-03 18:06:57 +02:00
Claire 44e98a2740 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-02 11:49:08 +02:00
Daniel M Brasil 4fe2d7cb59
Fix HTTP 500 in `/api/v1/emails/check_confirmation` (#25595) 2023-07-02 00:05:44 +02:00
Matt Jankowski 683ba5ecb1
Fix rails `rewhere` deprecation warning in directories api controller (#25625) 2023-07-01 21:48:16 +02:00
Claire a209d1e683
Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-06-29 14:48:54 +02:00
jsgoldstein 4581a528f7
Change account search to match by text when opted-in (#25599)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-06-29 13:05:21 +02:00
Claire 80a5c16ae1 Merge branch 'main' into glitch-soc/merge-upstream 2023-06-27 13:15:41 +02:00
Claire c7c6f02ae6
Fix suspending an already-limited domain (#25603) 2023-06-27 12:32:51 +02:00
Claire 178e151019 Merge commit '55e7c08a83547424024bac311d5459cb82cf6dae' into glitch-soc/merge-upstream
Conflicts:
- `app/models/user_settings.rb`:
  Upstream added a constraint on a setting textually close
  to glitch-soc-only settings.
  Applied upstream's change.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for the `translate` attribute on a few elements,
  where glitch-soc had a different set of allowed elements and attributes.
  Extended glitch-soc's allowed attributes with `translate` as upstream did.
- `spec/validators/status_length_validator_spec.rb`:
  Upstream refactored to use RSpec's `instance_double` instead of `double`,
  but glitch-soc had changes to tests due to configurable max toot chars.
  Applied upstream's changes while keeping tests against configurable max
  toot chars.
2023-06-25 14:27:38 +02:00
Claire a5b6f6da80
Change /api/v1/statuses/:id/history to always return at least one item (#25510) 2023-06-22 14:56:14 +02:00
Matt Jankowski 05f9e39b32
Fix `RSpec/VerifiedDoubles` cop (#25469) 2023-06-22 14:55:22 +02:00
Matt Jankowski 38433ccd0b
Reduce `Admin::Reports::Actions` spec db activity (#25465) 2023-06-22 14:53:13 +02:00
Claire 602c458ab6
Add finer permission requirements for managing webhooks (#25463) 2023-06-22 14:52:25 +02:00
Matt Jankowski 63d15d5330
Speed-up on `StatusesController` spec (#25549) 2023-06-22 14:51:53 +02:00
Matt Jankowski 0b39b9abee
Speed-up on `BackupService` spec (#25527) 2023-06-22 11:53:28 +02:00
Daniel M Brasil 6ac271c2a0
Migrate to request specs in `/api/v1/suggestions` (#25540) 2023-06-22 11:49:35 +02:00
Claire 37a9c2258a
Add per-test timeouts to AutoStatusesCleanupScheduler tests (#24841) 2023-06-20 18:54:05 +02:00
Claire ebfeaebedb
Fix /api/v1/conversations sometimes returning empty accounts (#25499) 2023-06-20 18:32:26 +02:00
Daniel M Brasil e53eb38a8d
Migrate to request specs in `/api/v1/admin/account_actions` (#25514) 2023-06-20 18:16:48 +02:00
Claire fd23f50243
Fix wrong view being displayed when a webhook fails validation (#25464) 2023-06-20 18:15:35 +02:00
Claire c78280a8ce
Add translate="no" to outgoing mentions and links (#25524) 2023-06-20 18:10:19 +02:00
Plastikmensch eba3411bfa
Re-allow title attribute in <abbr> (#2254)
* Re-allow title attribute in <abbr>

This was accidentally removed in 7623e18124

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add test

Add a new test to check that title attribute on <abbr> is kept.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>
2023-06-19 18:01:35 +02:00
Claire dd07393e75
Fix user settings not getting validated (#25508) 2023-06-19 14:06:06 +01:00
Matt Jankowski e1c9d52e91
Reduce `sleep` time in request pool spec (#25470) 2023-06-19 13:48:25 +02:00
Matt Jankowski 3a65fb044f
Add coverage for `UserMailer` methods (#25484) 2023-06-19 09:50:35 +02:00
Matt Jankowski e835198b26
Combine assertions in api/v1/notifications spec (#25486) 2023-06-19 09:05:42 +02:00
Daniel M Brasil b9bc9d0bda
Fix incorrect pagination headers in `/api/v2/admin/accounts` (#25477) 2023-06-19 08:53:05 +02:00
Daniel M Brasil 0a0a1f1495
Migrate to request specs in `/api/v1/tags` (#25439) 2023-06-19 08:51:40 +02:00
Claire e5978184a6 Fix glitch-soc-only test being broken by refactor of the surrounding tests 2023-06-18 13:59:47 +02:00
Claire 6c99479ef4 Merge commit '9e245d147bcb2c72cc552ff8c276a1c34e2f686d' into glitch-soc/merge-upstream
Conflicts:
- `app/views/settings/profiles/show.html.haml`:
  Upstream redesigned the settings page, where glitch-soc had changes because of
  the ability to set some custom limits.
  Went with upstream's design while keeping our custom limits.
- `yarn.lock`:
  Upstream updated dependencies textually close to a glitch-soc-only dependency.
  Updated the dependnencies as well.
2023-06-18 13:41:33 +02:00
Claire 65cbcce997 Merge commit '39110d1d0af5e3d9cf452ae47496a52797249fd0' into glitch-soc/merge-upstream 2023-06-18 10:36:14 +02:00
Matt Jankowski b276b3bb83
Remove Ruby GC config from spec helper (#25455) 2023-06-15 22:14:46 +01:00
Daniel M Brasil b10c05e702
Migrate to request specs in `/api/v1/lists` (#25443) 2023-06-15 10:19:51 +02:00
Matt Jankowski 4c5aa0e470
Update rubocop-rspec to version 2.22.0, fix `RSpec/IndexedLet` cop (#24698) 2023-06-14 16:44:37 +02:00
Daniel M Brasil 24015ef0cc
Migrate to request specs in `/api/v1/domain_blocks` (#25414) 2023-06-14 16:08:53 +02:00
Daniel M Brasil 87aff5aad8
Migrate to request specs in `/api/v1/follow_requests` (#25411) 2023-06-14 15:43:50 +02:00
Daniel M Brasil d9c6f70cc6
Fix `ArgumentError` in `/api/v1/admin/accounts/:id/action` (#25386) 2023-06-14 15:21:36 +02:00
Matt Jankowski ae9f5379d1
Reduce factory data created in spec/models/trends/statuses spec (#25410) 2023-06-14 09:57:06 +02:00
Matt Jankowski 31d5bc89d1
Speed improvement for `AccountsStatusesCleanupScheduler` spec (#25406) 2023-06-14 09:56:11 +02:00
Daniel M Brasil a5b62e56d0
Migrate to request specs in `/api/v1/apps/verify_credentials` (#25404) 2023-06-14 09:48:57 +02:00
Daniel M Brasil a6407aa662
Migrate to request specs in `/api/v1/apps` (#25401) 2023-06-14 09:48:48 +02:00
Matt Jankowski 4c5f62de99
Extract shared examples from api specs (#25387) 2023-06-14 09:34:01 +02:00
Claire ec59166844
Fix ArgumentError when loading newer Private Mentions (#25399) 2023-06-14 08:54:52 +02:00
Matt Jankowski 10746af82f
Remove unused shared examples for scoped settings (#25389) 2023-06-13 14:59:04 +02:00