7e3c5d1ec8
integrate glitch
2022-03-29 10:12:39 +02:00
91527021b7
install yarn deps
2022-02-04 11:01:37 +01:00
df6b81d678
Merge remote-tracking branch 'glitch-soc/main'
2022-02-04 11:01:25 +01:00
adb5be766e
Merge branch 'master' of https://framagit.org/tykayn/mastodon
2022-02-04 10:52:11 +01:00
43c0067865
hop
2022-02-04 10:52:07 +01:00
48540d459b
Merge branch 'master' of https://framagit.org/tykayn/mastodon
2022-02-04 09:14:38 +01:00
4494d73cbc
Merge tag 'v3.4.6'
2022-02-04 09:13:39 +01:00
Claire
73b730e649
Merge pull request #1676 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
2022-02-03 14:09:19 +01:00
Claire
93a6c143af
Fix insufficient sanitization of report comments ( #17430 )
2022-02-03 14:08:24 +01:00
Claire
2beb0a7af5
Bump version to 3.4.6
2022-02-03 12:12:27 +01:00
Claire
bb7b2868a0
Bump version to 3.4.6
2022-02-02 23:48:38 +01:00
Wonderfall
a06dda41d0
disable legacy XSS filtering ( #17289 )
...
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
2022-02-02 23:30:15 +01:00
Claire
bf005edd30
Change mastodon:webpush:generate_vapid_key task to not require functional env ( #17338 )
...
Fixes #17297
2022-02-02 23:30:15 +01:00
Claire
df68d2eab8
Fix response_to_recipient? CTE
2022-02-02 23:30:15 +01:00
Claire
b27f50da5a
Fix insufficient sanitization of report comments
2022-02-02 23:30:15 +01:00
Claire
e2009ced3a
Fix compacted JSON-LD possibly causing compatibility issues on forwarding
2022-02-02 23:30:15 +01:00
Puck Meerburg
fe0210074f
Compact JSON-LD signed incoming activities
2022-02-02 23:30:15 +01:00
Claire
c8dbbd60eb
Fix error-prone SQL queries ( #15828 )
...
* Fix error-prone SQL queries in Account search
While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.
This PR parameterises the `to_tsquery` input to make the query more robust.
* Harden code for Status#tagged_with_all and Status#tagged_with_none
Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.
* Remove unneeded spaces surrounding tsquery term
* Please CodeClimate
* Move advanced_search_for SQL template to its own function
This avoids one level of indentation while making clearer that the SQL template
isn't build from all the dynamic parameters of advanced_search_for.
* Add tests covering tagged_with, tagged_with_all and tagged_with_none
* Rewrite tagged_with_none to avoid multiple joins and make it more robust
* Remove obsolete brakeman warnings
* Revert "Remove unneeded spaces surrounding tsquery term"
The two queries are not strictly equivalent.
This reverts commit 86f16c537e06c6ba4a8b250f25dcce9f049023ff.
2022-02-02 23:30:15 +01:00
Claire
6d831fe274
Fix spurious errors when receiving an Add activity for a private post ( #17425 )
2022-02-02 22:59:34 +01:00
Claire
a3e0dacf5c
Fix response_to_recipient? CTE
2022-02-02 19:55:57 +01:00
Claire
7b969436a0
Fix compacted JSON-LD possibly causing compatibility issues on forwarding
2022-02-02 19:55:57 +01:00
Puck Meerburg
63da32468c
Compact JSON-LD signed incoming activities
2022-02-02 16:13:11 +01:00
Claire
20a4b8081f
Merge pull request #1675 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
2022-02-01 21:41:58 +01:00
Claire
098f2bc1e1
Merge branch 'main' into glitch-soc/merge-upstream
2022-02-01 20:59:28 +01:00
Alexandra Catalina
d0d15bf49c
Update tootsuite/mastodon Docker tag to v3.4.5 ( #17417 )
...
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-01 20:57:50 +01:00
Claire
987d88ea56
Fix requiring an extra restart after recent post-deployment migrations ( #17422 )
...
Follow-up to #16409
2022-02-01 20:57:39 +01:00
Rohan Sharma
4d6d4b43c6
Fixed prototype pollution bug and only allow trusted origin ( #17420 )
2022-02-01 17:34:48 +01:00
Claire
54581d43e7
Bump version to 3.4.5 ( #17402 )
2022-01-31 21:27:40 +01:00
Claire
1c8c318281
Bump version to 3.4.5
2022-01-31 18:04:24 +01:00
Claire
d722222fe1
Add more advanced migration tests ( #17393 )
...
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
2022-01-31 11:23:58 +01:00
Claire
03f0e98b32
Fix followers synchronization mechanism not working when URI has empty path ( #16510 )
...
* Fix followers synchronization mechanism not working when URI has empty path
To my knowledge, there is no current implementation on the fediverse
that can use bare domains (e.g., actor is at https://example.org instead of
something like https://example.org/actor ) that also plans to support the
followers synchronization mechanism. However, Mastodon's current implementation
would exclude such accounts from followers list.
Also adds tests and rename them to reflect the proper method names.
* Move url prefix regexp to its own constant
2022-01-31 10:59:00 +01:00
Claire
d6f3261c6c
Merge pull request #1674 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
2022-01-31 10:51:11 +01:00
Claire
2fcf652fff
Merge branch 'main' into glitch-soc/merge-upstream
2022-01-31 10:42:17 +01:00
Eugen Rochko
2c83b9076d
Add manual GitHub Actions runs ( #17000 )
2022-01-31 10:35:55 +01:00
Eugen Rochko
c8301bcfc3
Change workflow to push to Docker Hub ( #16980 )
2022-01-31 10:35:38 +01:00
Yusuke Nakamura
0ae91e45de
Build container image by GitHub Actions ( #16973 )
...
* Build container image by GitHub Actions
* Trigger docker build only pushed to main branch
* Tweak tagging imgae
- "edge" is the main branch
- "latest" is the tagged latest release
2022-01-31 10:35:14 +01:00
Claire
2363b026e6
Bump ruby-saml from 1.11.0 to 1.13.0 ( #16723 )
...
Fixes #16720
2022-01-31 10:33:47 +01:00
Jeong Arm
959234c1e4
Save bundle config as local ( #17188 )
...
Some bundle options are saved as global user config and not project local.
Specially, `deployment` must be saved as local config to be run on copied environment
2022-01-31 10:32:46 +01:00
Claire
0dc103ea11
Fix edge case in migration helpers that caused crash because of PostgreSQL quirks ( #17398 )
2022-01-31 10:31:56 +01:00
Claire
b782f86b51
Fix some old migration scripts ( #17394 )
...
* Fix some old migration scripts
* Fix edge case in two-step migration from older releases
2022-01-31 10:31:36 +01:00
Daniel Jakots
aa45404578
Bump NODE_VER to 16.13.2, to solve security issues ( #17399 )
...
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
2022-01-31 00:32:03 +01:00
Claire
a0e06c3c3e
Add more advanced migration tests ( #17393 )
...
- populate the database with some data when testing migrations
- try both one-step and two-step migrations (`SKIP_POST_DEPLOYMENT_MIGRATIONS`)
2022-01-30 23:50:08 +01:00
Claire
c6b291afc3
Change index corruption warning to be a little less scary ( #17395 )
2022-01-30 23:49:52 +01:00
Claire
b54e263712
Merge pull request #1673 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
2022-01-30 22:51:32 +01:00
Claire
a99adeaad3
Fix edge case in migration helpers that caused crash because of PostgreSQL quirks ( #17398 )
2022-01-30 22:34:54 +01:00
Claire
7679ddcd5e
Merge branch 'main' into glitch-soc/merge-upstream
2022-01-30 22:33:30 +01:00
Claire
ac583fce21
Fix some old migration scripts ( #17394 )
...
* Fix some old migration scripts
* Fix edge case in two-step migration from older releases
2022-01-30 21:38:54 +01:00
Claire
f5639e1cbe
Change public profile pages to be disabled for unconfirmed users ( #17385 )
...
Fixes #17382
Note that unconfirmed and unapproved accounts can still be searched for
and their (empty) account retrieved using the REST API.
2022-01-28 14:24:37 +01:00
Claire
2ba6267f16
Merge pull request #1668 from ClearlyClaire/glitch-soc/merge-upstream
...
Merge upstream changes
2022-01-28 09:38:44 +01:00
Claire
94a39f6b68
Fix Sidekiq warning when pushing DMs to direct timeline
2022-01-28 09:07:56 +01:00