Age | Commit message (Collapse) | Author |
|
|
|
|
|
In Rails 6.1, raw file inclusion in templates have to be explicitly marked as
HTML-safe, otherwise it's rendered as text.
|
|
|
|
|
|
Fixes #15984
|
|
|
|
Raw SQL passed to `pluck` now has to be explicitly marked as SQL via
Arel.sql, see https://github.com/rails/rails/pull/27947
|
|
|
|
Allow changing e-mail as long as the account is unconfirmed
|
|
* Add transition to media modal background
* use reduceMotion
* Move background color transition into css
Signed-off-by: marcin mikołajczak <me@mkljczk.pl>
|
|
Port 034f37b85a716872f78a72048a5a225cdcaa840a to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
Add cacheKey to NonceProvider for react-select
Port changes from c3aef491d66aec743a3a53e934a494f653745b61 to glitch-soc
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
* Update devise-two-factor to unreleased fork for Rails 6 support
Update tests to match new `rotp` version.
* Update nsa gem to unreleased fork for Rails 6 support
* Update rails to 6.1.3 and rails-i18n to 6.0
* Update to unreleased fork of pluck_each for Ruby 6 support
* Run "rails app:update"
* Add missing ActiveStorage config file
* Use config.ssl_options instead of removed ApplicationController#force_ssl
Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.
* Fix nonce directives by removing Rails 5 specific monkey-patching
* Fix fixture_file_upload deprecation warning
* Fix yield-based test failing with Rails 6
* Use Rails 6's index_with when possible
* Use ActiveRecord::Cache::Store#delete_multi from Rails 6
This will yield better performances when deleting an account
* Disable Rails 6.1's automatic preload link headers
Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.
In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.
* Switch to Rails 6.0 default config
* Switch to Rails 6.1 default config
* Do not include autoload paths in the load path
|
|
Fixes #5551
|
|
* Fix ComposeForm being mounted twice in mobile view
Fixes #13094
* Fix compose form focus and pre-selection behavior in mobile view
* Split _updateFocusAndSelection out of componentDidUpdate
|
|
* Bump react-select from 3.2.0 to 4.0.2
Bumps [react-select](https://github.com/JedWatson/react-select) from 3.2.0 to 4.0.2.
- [Release notes](https://github.com/JedWatson/react-select/releases)
- [Changelog](https://github.com/JedWatson/react-select/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/JedWatson/react-select/compare/react-select@3.2.0...react-select@4.0.2)
Signed-off-by: dependabot[bot] <support@github.com>
* Add cacheKey to NonceProvider for react-select
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
|
|
As far as I understand, the brakeman warning was a false-positive as
`content_tag` properly escapes untrusted HTML. Furthermore, the interpolated
string values are built from the “username” part of accounts, which is
restricted to a small subset of ASCII that precludes any XML entity or HTML
code.
This proposed change should be functionally equivalent to the current code,
however it is slightly more robust, it's more idiomatic, and Brakeman will
stop complaining about it.
|
|
* Bypass MX validation for explicitly allowed domains
This spares some lookups and prevent issues in some edge cases with
local domains.
* Add tests
* Fix test
|
|
* Removing last-child padding conflicts with light theme in hero widget
* Add missing background color to widget
* Reset widget.scss to default
* Hope this works
Co-authored-by: koyu <me@koyu.space>
|
|
|
|
|
|
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
Port 55ac2b9c6085def9e692fa69b849239c1249d9fd to glitch-soc
|
|
|
|
* Improve account counters handling
* Use ActiveRecord::Base::sanitize_sql to pass values instead of interpolating them
Keep using string interpolation for `key` as it is safe and using
“ActiveRecord::Base::sanitize_sql_hash_for_assignment” would require stitching
bits of SQL in a way that is not more easily checked for safety.
* Add migration hook to catch PostgreSQL versions earlier than 9.5
|
|
* Use ActiveRecord::Result#to_ary instead of deprecated to_hash
They do the same thing, and to_hash has been removed from Rails 6.1
* Explicitly name polymorphic indexes to workaround a bug in Rails 6.1
cf. https://github.com/rails/rails/issues/41693
* Fix incorrect usage of “foreign_key” in migration script
* Use `ActiveModel::Errors#delete` instead of deprecated clear method
* Fix link headers tests on Rails 6.1
Rails 6.1 adds values to the Link header by default, thus it is not a
LinkHeader object anymore. Fix the test to parse the Link header instead
of assuming it is a LinkHeader.
|
|
Fixes #15133
|
|
* Prepare Mastodon for zeitwerk autoloader (Rails 6)
Add inflections and rename/move a few classes.
In particular, app/lib/exceptions.rb and app/lib/sanitize_config.rb
were manually loaded while still in autoload paths.
* Add inflection for Url → URL
|
|
* Fix cache_collection crashing when given an empty collection
* Add tests
|
|
* Fix misuse of foreign_type
* Fix use of removed "add_template_helper"
* Use response.media_type instead of response.content_type in tests
* Fix CSV export controller test on Rails 6
Rails 6 sets a "filename*" field in the Content-Disposition header to
explicitly encode the filename as UTF-8.
This changes checks the first part of the Content-Disposition header so
it matches in both Rails 5 and Rails 6.
* Fix emoji formatting with Rails 6
* Make emoji output more idiomatic and robust
* Switch from redis-rails gem to built-in Rails redis cache storage
|
|
|
|
Remove locks from scheduled jobs
|
|
The exports page showed a different "CSV" capitalisation in the
"Bookmarks" row ("Csv") compared to the other rows ("CSV").
This was due to a referece to a translation string that does not exist,
`bookmarks.csv`, defaulting to the key's last segment in title case.
This issue was introduced in commit dcd86204 (PR #14956).
(h/t @meqif for helping with figuring out the bug)
|
|
|
|
(#15858)
Fixes #15849
|
|
|
|
Conflicts:
- `app/validators/status_length_validator.rb`:
Conflict due to glitch-soc's configurable maximum toot chars.
Ported upstream changes.
|
|
|
|
|
|
* Add tests
* Fix URL scanning in note length validator and preview card fetching
|
|
Port 65db2625508c220fd3c0a1f37cdd2e13b6e02987 to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
Port a8139ab0160096d09d83e8d3f9c7849129be1aa8 to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
Port 0635c8760dfdfeb3d763f1d1ae6cf5a208b29b6c to glitch-soc
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
Conflicts:
- `app/validators/status_length_validator.rb`:
Upstream changes too close to glitch-soc MAX_CHARS changes, but not a real
conflict.
Applied upstream changes.
- `package.json`:
glitch-soc-only dependency textually too close to a dependency updated
upstream, not a real conflict.
Applied upstream changes.
|
|
* Update twitter-text from 1.14 to 3.1.0
* Disable emoji parsing
* Properly depend on twitter-text for url detection
* Fix some URLs being wrongly detected client-side
* Add test for server-side validation of non-autolinkable URLs
* Fix server-side status length counting
|