Diffstat (limited to 'config')
-rw-r--r-- | config/brakeman.ignore | 86 | ||||
-rw-r--r-- | config/locales/ca.yml | 2 | ||||
-rw-r--r-- | config/locales/es.yml | 2 | ||||
-rw-r--r-- | config/locales/pl.yml | 5 | ||||
-rw-r--r-- | config/locales/simple_form.pl.yml | 2 | ||||
-rw-r--r-- | config/routes.rb | 5 |
6 files changed, 85 insertions, 17 deletions
diff --git a/config/brakeman.ignore b/config/brakeman.ignore index db7e37bb9..e8956639c 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore @@ -7,7 +7,7 @@ "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in link_to href", "file": "app/views/admin/accounts/show.html.haml", - "line": 143, + "line": 147, "link": "http://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(Account.find(params[:id]).inbox_url, Account.find(params[:id]).inbox_url)", "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}], @@ -26,7 +26,7 @@ "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in link_to href", "file": "app/views/admin/accounts/show.html.haml", - "line": 149, + "line": 153, "link": "http://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(Account.find(params[:id]).shared_inbox_url, Account.find(params[:id]).shared_inbox_url)", "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}], @@ -45,7 +45,7 @@ "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in link_to href", "file": "app/views/admin/accounts/show.html.haml", - "line": 54, + "line": 57, "link": "http://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(Account.find(params[:id]).url, Account.find(params[:id]).url)", "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}], 
@@ -67,7 +67,7 @@ "line": 3, "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/", "code": "render(action => \"stream_entries/#{Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase}\", { Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase.to_sym => Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity, :centered => true })", - "render_path": [{"type":"controller","class":"StatusesController","method":"embed","line":41,"file":"app/controllers/statuses_controller.rb"}], + "render_path": [{"type":"controller","class":"StatusesController","method":"embed","line":45,"file":"app/controllers/statuses_controller.rb"}], "location": { "type": "template", "template": "stream_entries/embed" @@ -102,7 +102,7 @@ "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in link_to href", "file": "app/views/admin/accounts/show.html.haml", - "line": 152, + "line": 156, "link": "http://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(Account.find(params[:id]).followers_url, Account.find(params[:id]).followers_url)", "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}], @@ -121,7 +121,7 @@ "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in link_to href", "file": "app/views/admin/accounts/show.html.haml", - "line": 127, + "line": 130, "link": "http://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(Account.find(params[:id]).salmon_url, Account.find(params[:id]).salmon_url)", "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}], 
@@ -140,10 +140,10 @@ "check_name": "Render", "message": "Render path contains parameter value", "file": "app/views/admin/custom_emojis/index.html.haml", - "line": 31, + "line": 45, "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/", "code": "render(action => filtered_custom_emojis.eager_load(:local_counterpart).page(params[:page]), {})", - "render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":10,"file":"app/controllers/admin/custom_emojis_controller.rb"}], + "render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":11,"file":"app/controllers/admin/custom_emojis_controller.rb"}], "location": { "type": "template", "template": "admin/custom_emojis/index" @@ -179,7 +179,7 @@ "check_name": "Render", "message": "Render path contains parameter value", "file": "app/views/admin/accounts/index.html.haml", - "line": 64, + "line": 67, "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/", "code": "render(action => filtered_accounts.page(params[:page]), {})", "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"index","line":12,"file":"app/controllers/admin/accounts_controller.rb"}], 
@@ -192,13 +192,52 @@ "note": "" }, { + "warning_type": "Cross-Site Request Forgery", + "warning_code": 7, + "fingerprint": "ab491f72606337a348482d006eb67a3b1616685fd48644d5ac909bbcd62a5000", + "check_name": "ForgerySetting", + "message": "'protect_from_forgery' should be called in WellKnown::HostMetaController", + "file": "app/controllers/well_known/host_meta_controller.rb", + "line": 4, + "link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/", + "code": null, + "render_path": null, + "location": { + "type": "controller", + "controller": "WellKnown::HostMetaController" + }, + "user_input": null, + "confidence": "High", + "note": "" + }, + { + "warning_type": "Redirect", + "warning_code": 18, + "fingerprint": "ba699ddcc6552c422c4ecd50d2cd217f616a2446659e185a50b05a0f2dad8d33", + "check_name": "Redirect", + "message": "Possible unprotected redirect", + "file": "app/controllers/media_controller.rb", + "line": 10, + "link": "http://brakemanscanner.org/docs/warning_types/redirect/", + "code": "redirect_to(MediaAttachment.attached.find_by!(:shortcode => ((params[:id] or params[:medium_id]))).file.url(:original))", + "render_path": null, + "location": { + "type": "method", + "class": "MediaController", + "method": "show" + }, + "user_input": "MediaAttachment.attached.find_by!(:shortcode => ((params[:id] or params[:medium_id]))).file.url(:original)", + "confidence": "High", + "note": "" + }, + { "warning_type": "Cross-Site Scripting", "warning_code": 4, "fingerprint": "bb0ad5c4a42e06e3846c2089ff5269c17f65483a69414f6ce65eecf2bb11fab7", "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in link_to href", "file": "app/views/admin/accounts/show.html.haml", - "line": 116, + "line": 119, "link": "http://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(Account.find(params[:id]).remote_url, Account.find(params[:id]).remote_url)", "render_path": 
[{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}], @@ -250,13 +289,32 @@ "note": "" }, { + "warning_type": "Cross-Site Request Forgery", + "warning_code": 7, + "fingerprint": "d4278f04e807ec58a23925f8ab31fad5e84692f2fb9f2f57e7931aff05d57cf8", + "check_name": "ForgerySetting", + "message": "'protect_from_forgery' should be called in WellKnown::WebfingerController", + "file": "app/controllers/well_known/webfinger_controller.rb", + "line": 4, + "link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/", + "code": null, + "render_path": null, + "location": { + "type": "controller", + "controller": "WellKnown::WebfingerController" + }, + "user_input": null, + "confidence": "High", + "note": "" + }, + { "warning_type": "Cross-Site Scripting", "warning_code": 4, "fingerprint": "e04aafe1e06cf8317fb6ac0a7f35783e45aa1274272ee6eaf28d39adfdad489b", "check_name": "LinkToHref", "message": "Potentially unsafe model attribute in link_to href", "file": "app/views/admin/accounts/show.html.haml", - "line": 146, + "line": 150, "link": "http://brakemanscanner.org/docs/warning_types/link_to_href", "code": "link_to(Account.find(params[:id]).outbox_url, Account.find(params[:id]).outbox_url)", "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}], 
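Review bot: The Cross-Site Request Forgery entry for WellKnown::HostMetaController and the Redirect entry for MediaController#show added in this hunk, like the WellKnown::WebfingerController entry in the next hunk (`@@ -250,13 +289,32 @@`), suppress High-confidence findings with `"note": ""`, so the file gives no reason for accepting them. Each entry should carry its justification, for example `"note": "redirect target is the stored attachment's file URL, looked up by shortcode"` on the Redirect entry, if that is in fact the reasoning. Whether the two well-known controllers serve only read-only requests is not visible on this page, so their notes should state what makes skipping `protect_from_forgery` acceptable there. Without a note, a later scan cannot tell a reviewed false positive from a warning that was silenced to get the check to pass.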
@@ -275,10 +333,10 @@ "check_name": "Render", "message": "Render path contains parameter value", "file": "app/views/stream_entries/show.html.haml", - "line": 21, + "line": 24, "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/", "code": "render(partial => \"stream_entries/#{Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase}\", { :locals => ({ Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase.to_sym => Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity, :include_threads => true }) })", - "render_path": [{"type":"controller","class":"StatusesController","method":"show","line":20,"file":"app/controllers/statuses_controller.rb"}], + "render_path": [{"type":"controller","class":"StatusesController","method":"show","line":22,"file":"app/controllers/statuses_controller.rb"}], "location": { "type": "template", "template": "stream_entries/show" @@ -288,6 +346,6 @@ "note": "" } ], - "updated": "2017-11-19 20:34:18 +0100", + "updated": "2018-02-16 06:42:53 +0100", "brakeman_version": "4.0.1" } diff --git a/config/locales/ca.yml b/config/locales/ca.yml index 4b922552a..ffa639f6b 100644 --- a/config/locales/ca.yml +++ b/config/locales/ca.yml @@ -551,7 +551,7 @@ ca: reblog: title: "%{name} t'ha retootejat" remote_follow: - acct: Escriu l'usuari@domini de la persona que vols seguir + acct: Escriu el teu usuari@domini des del qual vols seguir missing_resource: No s'ha pogut trobar la URL de redirecció necessaria per al compte proceed: Comença a seguir prompt: 'Seguiràs a:' diff --git a/config/locales/es.yml b/config/locales/es.yml index e60b6dd15..a948e7629 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml 
@@ -551,7 +551,7 @@ es: reblog: title: "%{name} boosteó tu estado" remote_follow: - acct: Ingesa el usuario@dominio de la persona que quieres seguir + acct: Ingesa tu usuario@dominio desde el que quieres seguir missing_resource: No se pudo encontrar la URL de redirección requerida para tu cuenta proceed: Proceder a seguir prompt: 'Vas a seguir a:' diff --git a/config/locales/pl.yml b/config/locales/pl.yml index b3b967e93..8d8675df9 100644 --- a/config/locales/pl.yml +++ b/config/locales/pl.yml @@ -359,6 +359,7 @@ pl: auth: agreement_html: Rejestrując się, oświadczasz, że zapoznałeś się z <a href="%{rules_path}">informacjami o instancji</a> i <a href="%{terms_path}">zasadami korzystania z usługi</a>. change_password: Bezpieczeństwo + confirm_email: Potwierdź adres e-mail delete_account: Usunięcie konta delete_account_html: Jeżeli chcesz usunąć konto, <a href="%{path}">przejdź tutaj</a>. Otrzymasz prośbę o potwierdzenie. didnt_get_confirmation: Nie otrzymałeś instrukcji weryfikacji? @@ -368,6 +369,10 @@ pl: logout: Wyloguj się migrate_account: Przenieś konto migrate_account_html: Jeżeli chcesz skonfigurować przekierowanie z obecnego konta na inne, możesz <a href="%{path}">skonfigurować to tutaj</a>. + or_log_in_with: Lub zaloguj się używając + providers: + cas: CAS + saml: SAML register: Rejestracja resend_confirmation: Ponownie prześlij instrukcje weryfikacji reset_password: Zresetuj hasło diff --git a/config/locales/simple_form.pl.yml b/config/locales/simple_form.pl.yml index dd987aab1..9876f67b0 100644 --- a/config/locales/simple_form.pl.yml +++ b/config/locales/simple_form.pl.yml 
@@ -49,6 +49,7 @@ pl: setting_default_privacy: Widoczność wpisów setting_default_sensitive: Zawsze oznaczaj zawartość multimedialną jako wrażliwą setting_delete_modal: Pytaj o potwierdzenie przed usunięciem wpisu + setting_display_sensitive_media: Zawsze oznaczaj zawartość multimedialną jako wrażliwą setting_favourite_modal: Pytaj o potwierdzenie przed dodaniem do ulubionych setting_noindex: Nie indeksuj mojego profilu w wyszukiwarkach internetowych setting_reduce_motion: Ogranicz ruch w animacjach @@ -58,6 +59,7 @@ pl: severity: Priorytet type: Typ importu username: Nazwa użytkownika + username_or_email: Nazwa użytkownika lub adres e-mail interactions: must_be_follower: Nie wyświetlaj powiadomień od osób, które Cię nie śledzą must_be_following: Nie wyświetlaj powiadomień od osób, których nie śledzisz diff --git a/config/routes.rb b/config/routes.rb index 8a52892f2..eea11b499 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -112,7 +112,10 @@ Rails.application.routes.draw do resources :sessions, only: [:destroy] end - resources :media, only: [:show] + resources :media, only: [:show] do + get :player + end + resources :tags, only: [:show] resources :emojis, only: [:show] resources :invites, only: [:index, :create, :destroy] |
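Review bot: `get :player` is declared directly inside the `resources :media` block, so Rails builds it as a nested route and the record key arrives as `params[:medium_id]` instead of `params[:id]`; the new Brakeman entry for MediaController#show, which records a lookup on `params[:id] or params[:medium_id]`, is presumably the consequence. Declaring it as `get :player, on: :member` would keep one `:id` parameter for both actions, with the route helper changing from `medium_player_*` to `player_medium_*`. If the nested form is intentional, a comment such as `# nested on purpose: player receives :medium_id` would spare the next reader the lookup. The enclosing `Rails.application.routes.draw` block starts and ends outside the hunk.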