Age | Commit message | Author |
|
Port 50cd73e5d7e39600203c9c3f591f04289f41e297 to glitch-soc
Signed-off-by: Thibaut Girka <thib@sitedethib.com>
|
|
|
|
|
|
|
|
Because the file name was set after loading the file, Paperclip
was flagging the differing file extension as content type spoofing
Fix #12938
|
|
Port c31d61d7f2d576b42ea82ab01470bce7e6e5a3a7 to glitch-soc
Signed-off-by: Thibaut Girka <thib@sitedethib.com>
|
|
|
|
As pointed out on Discourse:
https://discourse.joinmastodon.org/t/obscure-wtf-error-message-running-migrations-for-3-1/2524
The message the administrators were getting was telling them
to log in to the "GitLab database" and also mentions MySQL
|
|
If the “Why do you want to join?” textarea is left empty and the entered params
do not validate, the textarea isn't shown again, unlike other fields.
This commit fixes that by populating an empty `UserInviteRequest` when needed.
|
|
web UI
Port 1314bba68a5f2d271312bad08f108e1ff56c2c00 to glitch-soc
Signed-off-by: Thibaut Girka <thib@sitedethib.com>
|
|
(#13116)
`request.format` is not a symbol but a `Mime::Type`, so the condition actually
never matched, and a session was created even for those requests, preventing
caching.
|
|
migrations
|
|
being possible
Fix #3804, Fix #5776
|
|
|
|
upstream privacy improvements
|
|
|
|
support subdomains
* Change domain blocks to automatically support subdomains
If a more authoritative domain is blocked (example.com), then the
same block will be applied to a subdomain (foo.example.com)
* Match subdomains of existing accounts when blocking/unblocking domains
* Improve code style
|
|
crawl (#11454)
* Add "--exclude-suspended" to tootctl domains crawl
This new option ignores any instances suspended server-wide as
well as their associated subdomains. This queries all domain
blocks up front, then runs a regexp on each domain. This improves
performance over what may be the obvious implementation, which is
to ask `DomainBlocks.blocked?(domain)` for each domain -- this
hits the DB many times, slowing things down considerably.
* cleaning up code style
* Compiling regex
* Removing ternary operator
|
|
|
|
mode
|
|
… posting to the AP inbox required a logged-in local user…
|
|
whitelist/secure mode
Fix relays UI referencing relay that is not functional
|
|
leaving media behind for a day
The reason for unattaching media instead of removing it is to support
delete & redraft functionality, but remote or staff-removed statuses
will never be redrafted, so the media should be deleted immediately
|
|
being enabled in the admin dashboard
|
|
* Add automatic blocklist display in /about/blocks
Inspired by https://github.com/Gargron/mastodon.social-misc
* Add admin option to set who can see instance blocks
* Normalize locales files
* Rename “Sandbox” to “Silence” for consistency
* Disable /about/blocks when in whitelist mode
* Optionally display rationale for domain blocks
* Only display domain blocks that have user-facing limitations, and order them
* Redesign table of blocked domains to better handle long domain names and rationales
* Change domain blocks ordering now that rationales aren't displayed right away
* Only show explanation for block severities actually in use
* Reword instance block explanations and add disclaimer for public fetch mode
|
|
federation page in admin UI
|
|
|
|
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, log in users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
|
|
|
|
exceptions and missing error templates
|
|
|
|
Fix #12509
See also #12214
|
|
non-HTML requests
|
|
Fix #6462
|
|
|
|
|
|
|
|
Fix #12034
|
|
on public pages
Fix #11969
|
|
|
|
(#11539)
Regression from #8657
|
|
profile page
* Add featured tag support to rss feed on public account page
* fix coding style
|
|
|
|
even if file is not stored
Change the behaviour of remotable concern. Previously, it would skip
downloading an attachment if the stored remote URL is identical to
the new one. Now it would not be skipped if the attachment is not
actually currently stored by Paperclip.
|
|
|
|
Fix #12551
Fix #12547
|
|
followers/following from REST API when user has network hidden
Fix #12510
|
|
|
|
Instead of returning a signature verification error, pretend there
was no signature (i.e., this does not allow access to resources that
need a valid signature), so public resources can still be fetched
Fix #13011
|
|
Fix OEmbed preview API leaking existence of private statuses (see #12930)
|