paravielfalt/mastodon
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity Actions
13027 commits 79 branches 301 tags 756 MiB
Commit graph

7238 commits

Author SHA1 Message Date
June
52e78d2192 Fix not all legal images showing in file picker when uploading custom emoji (#28076) 2024-08-16 12:37:08 +02:00
Jonathan de Jong
a046dcefe6 Fix error when encountering malformed Tag objects from Kbin (#28235) 2024-08-16 12:37:08 +02:00
Michael Stanclift
3e9238de47 Fix OCR when using S3/CDN for assets (#28551) 2024-08-16 12:37:08 +02:00
Claire
3868a63607 Fix already-invalid reports failing to resolve (#29027) 2024-08-16 12:37:08 +02:00
Claire
6383a2e4ee Fix report reason selector in moderation interface not unselecting rules when changing category (#29026) 2024-08-16 12:37:08 +02:00
Râu Cao
4d994fa24f Fix local account search on LDAP login being case-sensitive (#30113) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-08-16 12:37:08 +02:00
Claire
aa3fc5364c Fix division by zero on some video/GIF files (#30600) 2024-08-16 12:37:08 +02:00
Adam Niedzielski
f4b4a855ec Fix ß bug in regexp for mentions and tags (#31122) 2024-08-16 12:37:08 +02:00
Claire
694cf6ca5c Fix hashtag matching pattern matching some link anchors (#30190) 2024-08-16 12:37:08 +02:00
Adam Niedzielski
3e1f1b545d Select correct self link when parsing Webfinger response (#31110) 2024-08-16 12:37:08 +02:00
Claire
d673b6e920 Fix status processing failing halfway when a remote post has a malformed replies attribute (#31246) 2024-08-16 12:37:08 +02:00
Claire
a1c7aae28a
Merge pull request from GHSA-xjvf-fm67-4qc3 2024-07-04 16:45:52 +02:00
Claire
34aeef3453
Merge pull request from GHSA-58x8-3qxw-6hm7 
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
 2024-07-04 16:26:49 +02:00
Claire
122740047a
Merge pull request from GHSA-vp5r-5pgw-jwqx 
* Fix streaming sessions not being closed when revoking access to an app

* Add tests for GHSA-7w3c-p9j8-mq3x
 2024-07-04 16:11:28 +02:00
Claire
4b45333aff fix: Return HTTP 422 when scheduled status time is less than 5 minutes (#30584) 2024-07-03 11:13:40 +02:00
David Roetzel
6cf83a2a64 Improve encoding detection for link cards (#30780) 2024-07-03 11:13:40 +02:00
Eugen Rochko
2a5819e8bb Change search modifiers to be case-insensitive (#30865) 2024-07-03 11:13:40 +02:00
David Roetzel
815680bd13 Add size limit for link preview URLs (#30854) 2024-07-03 11:13:40 +02:00
Claire
8e924e4338 Fix /admin/accounts/:account_id/statuses/:id for edited posts with media attachments (#30819) 2024-07-02 16:20:04 +02:00
Claire
2ee88a99d9 Change PWA start URL from /home to / (#27377) 2024-06-18 16:05:53 +02:00
Claire
e292a28933
Merge pull request from GHSA-5fq7-3p3j-9vrf 2024-05-30 14:03:13 +02:00
Claire
ba240cea0c Normalize language code of incoming posts (#30403) 2024-05-29 15:31:34 +02:00
Emelia Smith
984d7d3dc8 Fix missing destory audit logs for Domain Allows (#30125) 2024-05-17 12:30:07 +02:00
Claire
33a50884e5 Fix not being able to block a subdomain of an already-blocked domain through the API (#30119) 2024-05-17 12:30:07 +02:00
Claire
70c4d70dbe Fix Idempotency-Key ignored when scheduling a post (#30084) 2024-05-17 12:30:07 +02:00
Tim Rogers
a6089cdfca Fixed crash when supplying FFMPEG_BINARY environment variable (#30022) 2024-05-17 12:30:07 +02:00
Claire
5973d7a4b6 Remove caching in cache_collection (#29862) 2024-05-17 12:30:07 +02:00
Claire
ba5551fd1d Improve email address validation (#29838) 2024-05-17 12:30:07 +02:00
Matt Jankowski
8ce403a85b Fix results/query in api/v1/featured_tags/suggestions (#29597) 2024-05-17 12:30:07 +02:00
Jeong Arm
3ff575f54c Normalize idna domain before account unblock domain (#29530) 2024-05-17 12:30:07 +02:00
Emelia Smith
209632a0fd Return domain block digests from admin domain blocks API (#29092) 2024-05-17 12:30:07 +02:00
Claire
079d3e5189 Add fallback redirection when getting a webfinger query WEB_DOMAIN@WEB_DOMAIN (#28592) 2024-05-17 12:30:07 +02:00
Claire
37adb144db
Fix auto close registration mail (#30323) 2024-05-16 11:52:02 +02:00
Claire
d3c4441af8
Fix processing of Link objects in Image objects (#29364) 2024-02-23 09:53:09 +01:00
Claire
f0541adbd4
Fix link verifications when page size exceeds 1MB (#29362) 2024-02-22 19:12:57 +01:00
Claire
3fecb36739
Change registrations to be disabled by default for new servers (#29354) 2024-02-22 18:28:41 +01:00
Claire
c7312411b8 Fix auto-close email being sent to users with devops permissions instead of settings permissions (#29356) 2024-02-22 18:28:28 +01:00
Claire
2fc87611be Automatically switch from open to approved registrations in absence of moderators (#29337) 2024-02-22 18:28:28 +01:00
Claire
a07fff079b
Merge pull request from GHSA-jhrq-qvrm-qr36 
* Fix insufficient Content-Type checking of fetched ActivityStreams objects

* Allow JSON-LD documents with multiple profiles
 2024-02-16 11:56:12 +01:00
Claire
9e5af6bb58 Fix user creation failure handling in OAuth paths (#29207) 
Co-authored-by: Matt Jankowski <matt@jankowski.online>
 2024-02-14 23:16:39 +01:00
Claire
6f36b633a7
Merge pull request from GHSA-vm39-j3vx-pch3 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
 2024-02-14 15:16:07 +01:00
Claire
d807b3960e
Merge pull request from GHSA-7w3c-p9j8-mq3x 
* Ensure destruction of OAuth Applications notifies streaming

Due to doorkeeper using a dependent: delete_all relationship, the destroy of an OAuth Application bypassed the existing AccessTokenExtension callbacks for announcing destructing of access tokens.

* Ensure password resets revoke access to Streaming API

* Improve performance of deleting OAuth tokens

---------

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
 2024-02-14 15:15:34 +01:00
Claire
5799bc4af7
Merge pull request from GHSA-3fjr-858r-92rw
Some checks failed
Build container release images / build-image (push) Failing after 3m33s
Details
PR Needs Rebase / label-rebase-needed (push) Failing after 4s
Details 
* Fix insufficient origin validation

* Bump version to v4.1.13
 2024-02-01 15:56:46 +01:00
Claire
2e8943aecd Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:06 +01:00
Claire
460e4fbdd6 Fix processing of compacted single-item JSON-LD collections (#28816) 2024-01-24 15:31:06 +01:00
Jonathan de Jong
de60322711 Retry 401 errors on replies fetching (#28788) 
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
 2024-01-24 15:31:06 +01:00
Jeong Arm
90bb870680 Ignore RecordNotUnique errors in LinkCrawlWorker (#28748) 2024-01-24 15:31:06 +01:00
Claire
9292d998fe Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2024-01-24 15:31:06 +01:00
Claire
458620bdd4 Fix potential redirection loop of streaming endpoint (#28665) 2024-01-24 15:31:06 +01:00
Claire
a1a71263e0 Fix streaming API redirection ignoring the port of streaming_api_base_url (#28558) 2024-01-24 15:31:06 +01:00