| Age | Commit message (Collapse) | Author |
|---|
|
Remove "active within last two weeks" exception for sign in token requirement
Change admin reset password to lock access until the password is reset
|
|
Fixes #16435
|
|
|
|
Also adds timestamp in HTML itself to not rely on javascript
|
|
|
|
If a status with a hashtag becomes very popular, it stands to
reason that the hashtag should have a chance at trending
Fix no stats being recorded for hashtags that are not allowed
to trend, and stop ignoring bots
Remove references to hashtags in profile directory from the code
and the admin UI
|
|
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0
Also improve the Terrapin monkey-patch for the stderr/stdout issue.
* Fix keyword argument handling throughout the codebase
* Monkey-patch Paperclip to fix keyword arguments handling in validators
* Change validation_extensions to please CodeClimate
* Bump microformats from 4.2.1 to 4.3.1
* Allow Ruby 3.0
* Add Ruby 3.0 test target to CircleCI
* Add test for admin dashboard warnings
* Fix admin dashboard warnings on Ruby 3.0
|
|
* Add management of delivery availavility in Federation settings
* fix translate
* Remove useless object creation
* Fix DeepSource issue
* Add shortcut for all
* Fix DeepSource(skipcq)
* Change 'remove' to 'clear'
* Fix style
* Change class method name (exhausted_deliveries_key_by)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In Rails 6.1, raw file inclusion in templates have to be explicitly marked as
HTML-safe, otherwise it's rendered as text.
|
|
|
|
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.
This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
|
|
|
|
The exports page showed a different "CSV" capitalisation in the
"Bookmarks" row ("Csv") compared to the other rows ("CSV").
This was due to a referece to a translation string that does not exist,
`bookmarks.csv`, defaulting to the key's last segment in title case.
This issue was introduced in commit dcd86204 (PR #14956).
(h/t @meqif for helping with figuring out the bug)
|
|
(#15858)
Fixes #15849
|
|
|
|
|
|
set (#15778)
|
|
|
|
* Use custom mascot on static share page
* Use full_asset_url
|
|
- marks the page as a whole as untranslatable
- still marks user text as translatable
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
admin UI (#15367)
|
|
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
|
|
* Fix admin being able to suspend their own instance account
* Add text about the instance's own actor in admin view
* Change instance actor notice from flash message to template
* Do not list local instance actor in account moderation list
|
|
|
|
* feat: display `invite_request_text` in admin's user account page
* fix: move invite_request to the bottom of accounts page
* fix: remove time display, remove formate, change code terminology
* fix: remove escape
|
|
* Add indication to admin UI of whether a report has been forwarded
* Rework how forwarded status is displayed
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Fixes #15273
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
|
|
|
|
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3 seconds delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Fixes #15262
|
|
|
|
* Add ability to export bookmarks
* Add support for importing bookmarks
* Add bookmark import tests
* Add bookmarks export test
|
|
* Add interrelationship icon
* Fix arrow for rtl
* Fix to predefined color
|
|
* Add follow selected followers button
* Fix unused variable
* Fix i18n normalize
|
|
Fix #2744
|
|
public pages (#15052)
|
|
* Add account sensitized
* Fix i18n normalize
* Fix description and spec
* Fix spec
* Fix wording
|
|
- Makes permalink to a toot more easily clickable
- Fix clicking between icon and time in fact clicking the display name
- Fix clicking slightly under time in fact clicking the display name
|
|
* Change how CDN_HOST is passed down to make assets build reproducible
* Change webpacker/webpack configuration to dynamically load publicPath based on meta header
* Fix embedded layout missing the cdn-host meta header
|
|
|
|
There are edge cases where requests to certain hosts timeout when
using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now
that we no longer need to support OStatus servers, webfinger logic
is so simple that there is no point encapsulating it in a gem, so
we can just use our own Request class. With that, we benefit from
more robust timeout code and IPv4/IPv6 resolution.
Fix #14091
|
|
|
