Claire
32e5a9f053
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests
* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:24 +02:00
Claire
987f909994
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
c02fa93c57
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Vyr Cossont
07f60ffcbb
Fix Redis client and type errors introduced in #24285 ( #24342 )
2023-07-06 13:46:21 +02:00
Vyr Cossont
c1467453f6
IndexingScheduler: fetch and import in batches ( #24285 )
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-06 13:46:21 +02:00
Emelia Smith
00e65a77df
Prevent UserCleanupScheduler from overwhelming streaming ( #25519 )
2023-07-06 13:46:21 +02:00
Daniel M Brasil
f9521bc2b5
Fix incorrect pagination headers in /api/v2/admin/accounts ( #25477 )
2023-07-06 13:46:21 +02:00
Claire
feac95333f
Change profile updates to be sent to recently-mentioned servers ( #24852 )
2023-07-06 13:46:21 +02:00
Claire
bb1e7e112e
Fix being able to vote on your own polls ( #25015 )
2023-07-06 13:46:21 +02:00
Claire
e233060ea5
Fix race condition when reblogging a status ( #25016 )
2023-07-06 13:46:21 +02:00
Claire
3faebae2d1
Change OpenGraph-based embeds to allow fullscreen ( #25058 )
2023-07-06 13:46:21 +02:00
Claire
95f59da157
Fix “Authorized applications” inefficiently and incorrectly getting last use date ( #25060 )
2023-07-06 13:46:21 +02:00
Claire
6f94b4ae19
Remove invalid X-Frame-Options: ALLOWALL ( #25070 )
2023-07-06 13:46:21 +02:00
Claire
283184b390
Change Identity to not destroy associated User on destroy ( #25098 )
2023-07-06 13:46:21 +02:00
Claire
d54980ef2d
Fix /api/v1/conversations sometimes returning empty accounts ( #25499 )
2023-07-06 13:46:21 +02:00
Claire
08579976e0
Fix ArgumentError when loading newer Private Mentions ( #25399 )
2023-07-06 13:46:21 +02:00
Claire
ff3f40a675
Fix multiple N+1s in ConversationsController ( #25134 )
2023-07-06 13:46:21 +02:00
Claire
0dce749192
Fix user archive takeouts when using OpenStack Swift ( #24431 )
2023-07-06 13:46:21 +02:00
Claire
55144262d0
Fix unescaped user input in LDAP query ( #24379 )
Fix CVE-2023-28853
2023-04-04 12:38:58 +02:00
Claire
0f4c908b64
Fix invalid/expired invites being processed on sign-up ( #24337 )
2023-04-04 12:38:58 +02:00
Claire
d25493e262
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ( #24200 )
2023-04-04 12:38:58 +02:00
Claire
f90daf58db
Add warning for object storage misconfiguration ( #24137 )
2023-03-16 22:50:15 +01:00
Eugen Rochko
a42b48ea4e
Change user backups to use expiring URLs for download when possible ( #24136 )
2023-03-16 22:50:15 +01:00
Claire
f036546c22
Fix misleading error code when receiving invalid WebAuthn credentials ( #23568 )
2023-03-16 12:34:43 +01:00
Claire
9256d653a5
Fix incorrect post links in strikes when the account is remote ( #23611 )
2023-03-16 12:34:37 +01:00
Jeremy Kescher
d0c0808ad4
Add null check on application in dispute viewer ( #19851 )
2023-03-16 12:33:09 +01:00
Claire
cb622b23b1
Fix dashboard crash on ElasticSearch server error ( #23751 )
2023-03-16 12:31:20 +01:00
Claire
a1e765991e
Add mail headers to avoid auto-replies ( #23597 )
2023-03-14 11:46:12 +01:00
Claire
76b9f42712
Add lang tag to native language names in language picker ( #23749 )
2023-03-14 11:46:12 +01:00
Rodion Borisov
a717aa929c
Center the text itself in upload area ( #24029 )
2023-03-14 11:46:12 +01:00
Claire
e6f6fe6106
Fix original account being unfollowed on migration before the follow request could be sent ( #21957 )
2023-03-14 11:46:12 +01:00
Claire
86b1adf7d7
Fix unconfirmed accounts being registered as active users ( #23803 )
2023-03-14 10:26:38 +01:00
Claire
4beeec4e50
Fix server error when failing to follow back followers from /relationships ( #23787 )
2023-03-14 10:26:23 +01:00
Claire
3c44ba0411
Fix inefficiency when searching accounts per username in admin interface ( #23801 )
2023-03-14 10:26:14 +01:00
Dean Bassett
339d4fa61c
Fix case-sensitive check for previously used hashtags ( #23526 )
2023-03-14 10:25:48 +01:00
Claire
62f0eab635
Fix “Remove all followers from the selected domains” being more destructive than it claims ( #23805 )
2023-03-14 10:25:38 +01:00
Claire
a8a3e86216
Fix unbounded recursion in post discovery ( #23507 )
* Add a limit to how many posts can get fetched as a result of a single request
* Add tests
* Always pass `request_id` when processing `Announce` activities
---------
Co-authored-by: nametoolong <nametoolong@users.noreply.github.com>
2023-02-10 22:16:47 +01:00
Claire
be1caad933
Fix REST API serializer for Account not including moved when the moved account has itself moved ( #22483 ) ( #23492 )
Instead of cutting immediately, cut after one recursion.
2023-02-09 21:02:09 +01:00
Claire
533bf92d21
Don't deliver a reply to domains which are blocked by author ( #22117 ) ( #23490 )
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
2023-02-09 21:01:53 +01:00
Claire
6a2b48190c
Log admin approve and reject account ( #22088 ) ( #23488 )
* Log admin approve and reject account
* Add unit tests for approve and reject logging
Co-authored-by: Francis Murillo <evacuee.overlap.vs3op@aleeas.com>
2023-02-09 21:01:45 +01:00
Claire
6cbc589990
Fix UserCleanupScheduler crash when an unconfirmed account has a moderation note ( #23318 ) ( #23487 )
* Fix `UserCleanupScheduler` crash when an unconfirmed account has a moderation note
* Add tests
2023-02-09 21:01:38 +01:00
Claire
a2bfb16cb8
Fix crash when marking statuses as sensitive while some statuses are deleted ( #22134 ) ( #23486 )
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments
* Fix crash when marking statuses as sensitive while some statuses are deleted
Fixes #21910
* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”
* Add tests
2023-02-09 21:01:21 +01:00
Claire
cfc0507010
Fix attachments of edited statuses not being fetched ( #21565 ) ( #23485 )
* Fix attachments of edited statuses not being fetched
* Fix tests
2023-02-09 20:57:31 +01:00
Claire
eade64097c
Clear voter count when poll is reset ( #21700 ) ( #23484 )
When a poll is edited, we reset the poll and remove all previous
votes. However, prior to this commit, the voter count on the poll
was not reset. This leads to incorrect percentages being shown in
poll results.
Fixes #21696
Co-authored-by: afontenot <adam.m.fontenot@gmail.com>
2023-02-09 20:57:24 +01:00
Claire
1f0be21317
Fix some performance issues with /admin/instances ( #21907 ) ( #23483 )
/admin/instances?availability=failing remains wholly inefficient
2023-02-09 20:57:14 +01:00
Claire
0ca877f084
Fix possible race conditions when suspending/unsuspending accounts ( #22363 ) ( #23482 )
* Fix possible race conditions when suspending/unsuspending accounts
* Fix tests
Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
suspending/unsuspending themselves, but this has changed.
2023-02-09 20:57:06 +01:00
Claire
cc233af129
Fix suspension worker crashing on S3-compatible setups without ACL support ( #22487 ) ( #23481 )
2023-02-09 20:56:58 +01:00
Claire
83f1c6460a
Fix changing domain block severity not undoing individual account effects ( #22135 ) ( #23480 )
* Fix changing domain block severity not undoing individual account effects
Fixes #22133
* Add tests
2023-02-09 20:56:49 +01:00
Claire
e26dd2ea8f
Add form-action CSP directive ( #23478 )
* Add form-action CSP directive (#20781 )
* Fix OAuth flow being broken by recent CSP change (#20958 )
* Fix form-action CSP directive for external login (#20962 )
2023-02-09 20:56:37 +01:00
Claire
ee66f5790f
Fix unbounded recursion in account discovery (v3.5 backport) ( #22026 )
* Fix trying to fetch posts from other users when fetching featured posts
* Rate-limit discovery of new subdomains
* Put a limit on recursively discovering new accounts
2022-12-15 19:21:17 +01:00