| Age | Commit message (Collapse) | Author |
|---|
|
In Rails 6.1, raw file inclusion in templates have to be explicitly marked as
HTML-safe, otherwise it's rendered as text.
|
|
|
|
|
|
|
|
|
|
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.
This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
|
|
|
|
|
|
The exports page showed a different "CSV" capitalisation in the
"Bookmarks" row ("Csv") compared to the other rows ("CSV").
This was due to a referece to a translation string that does not exist,
`bookmarks.csv`, defaulting to the key's last segment in title case.
This issue was introduced in commit dcd86204 (PR #14956).
(h/t @meqif for helping with figuring out the bug)
|
|
(#15858)
Fixes #15849
|
|
Conflicts:
- `app/validators/status_length_validator.rb`:
Conflict due to glitch-soc's configurable maximum toot chars.
Ported upstream changes.
|
|
|
|
|
|
Conflicts:
- `app/validators/status_length_validator.rb`:
Upstream changes too close to glitch-soc MAX_CHARS changes, but not a real
conflict.
Applied upstream changes.
- `package.json`:
glitch-soc-only dependency textually too close to a dependency updated
upstream, not a real conflict.
Applied upstream changes.
|
|
|
|
|
|
set (#15778)
|
|
|
|
|
|
|
|
Conflicts:
- `app/javascript/styles/mastodon/modal.scss`:
For some reason we changed the file loading path in glitch-soc,
but now upstream has completely changed how the logo is loaded.
Applied upstream changes.
|
|
* Use custom mascot on static share page
* Use full_asset_url
|
|
|
|
|
|
- marks the page as a whole as untranslatable
- still marks user text as translatable
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
Conflicts:
- `config/webpack/configuration.js`:
Upstream updated the `js-yaml` dependency, which changed how to call it.
Those changes conflicted because that code is pretty different in glitch-soc
which has to deal with its more complex theming system.
Proceeded to the same compatibility changes in glitch-soc's code.
- `package.json` and `yarn.lock`:
Not really a conflict, just glitch-soc-specific dependencies textually too
close to some dependencies updated upstream.
|
|
|
|
|
|
Conflicts:
- `app/services/resolve_url_service.rb`:
The private toot search by URL hack has been revamped upstream.
Took upstream's version.
|
|
admin UI (#15367)
|
|
- Replace the middle of the domain with * characters (except for periods)
- Add SHA-256 digest of the domain name in tooltip
|
|
* Fix admin being able to suspend their own instance account
* Add text about the instance's own actor in admin view
* Change instance actor notice from flash message to template
* Do not list local instance actor in account moderation list
|
|
Conflicts:
- `app/models/form/admin_settings.rb`:
New setting added upstream. Ported it.
- `app/views/statuses/_simple_status.html.haml`:
Upstream removed RTL classes. Did the same.
- `config/settings.yml`:
New setting added upstream. Ported it.
|
|
|
|
* feat: display `invite_request_text` in admin's user account page
* fix: move invite_request to the bottom of accounts page
* fix: remove time display, remove formate, change code terminology
* fix: remove escape
|
|
* Add indication to admin UI of whether a report has been forwarded
* Rework how forwarded status is displayed
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Fixes #15273
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
- Reduce duplicate queries
- Remove n+1 queries
- Add accounts count to detailed view
- Add separate action log entry for updating existing domain blocks
|
|
|
|
|
|
Conflicts:
- `app/controllers/about_controller.rb`:
Minor conflict caused by glitch-soc's theming system.
Ported upstream changes.
|
|
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3 seconds delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
Conflicts:
- `app/services/remove_status_service.rb`:
Conflict caused by us having a distinc Direct timeline.
Ported upstream changes.
- `app/javascript/mastodon/features/compose/components/compose_form.js`:
Conflict between glitch-soc's variable character limit and upstream
refactoring that part of the code.
Ported upstream changes.
|
|
Fixes #15262
|
|
|
|
|
|
Conflicts:
- `.github/ISSUE_TEMPLATE/bug_report.md`:
Upstream added the `bug` label to bug reports.
Did the same.
- `app/services/fan_out_on_write_service.rb`:
Upstream put DMs back into timelines, glitch-soc was already doing it.
Ignored upstream changes.
|
|
* Add ability to export bookmarks
* Add support for importing bookmarks
* Add bookmark import tests
* Add bookmarks export test
|
