| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
* Fix email with empty domain name labels passing validation
`EmailMxValidator` would allow empty labels because `Resolv::DNS` is
particularly lenient about them, but the email would be invalid and
unusable.
* Add tests
|
|
* Add tests
* Fix account activation being triggered before email confirmation
Fixes #23098
|
|
* Suppress AddressFamilyError
* clarify comment
|
|
* Add missing `policy` attribute to `WebPushSubscriptionSerializer`
Fixes #23145
* Add tests
|
|
Conflicts:
- `config/i18n-tasks.yml`:
Upstream added new ignored strings, glitch-soc has extra ignored strings
because of the theming system.
Added upstream's changes.
|
|
* Return specific error on failure to parse Date header
* Add error message when preferredUsername is not set
* Change error report to be JSON and include more details
* Change error report to differentiate unknown account and failed refresh
* Add tests
|
|
* Add confirmation screen on moderation actions
* Add flash notice when a report has been processed
* Refactor tests
* Add tests
|
|
statuses (#20878)
* Add backend support for editing media attachments of existing posts
* Allow editing media attachments of already-posted toots
* Add tests
|
|
* Change domain block CSV parsing to be more robust and handle more lists
* Add some tests
* Improve domain block import validation and reporting
|
|
Conflicts:
- `app/views/layouts/mailer.html.haml`:
Upstream removed a line close to one modified by glitch-soc.
Removed the line as upstream did.
|
|
(#22134)
* Do not offer to mark statuses as sensitive if there is no undeleted status with media attachments
* Fix crash when marking statuses as sensitive while some statuses are deleted
Fixes #21910
* Fix multiple strikes being created for a single report when selecting “Mark as sensitive”
* Add tests
|
|
Conflicts:
- `app/models/status.rb`:
Minor upstream refactor moved hook definitions around,
and glitch-soc has an extra `before_create`.
Moved the `before_create` accordingly.
- `app/services/batched_remove_status_service.rb`:
Minor upstream refactor changed a block in which glitch-soc
had one extra call to handle direct timelines.
Adapted changes to keep glitch-soc's extra call.
|
|
(#22558)
|
|
* fix: allow verification when page size exceeds 1MB
Truncates the page after 1MB instead
Closes #15316
* switch to HTML5 parser, fix rubocop errors
* undo rubocop fixes
Co-authored-by: Chris Zubak-Skees <chriszs@gmail.com>
|
|
Conflicts:
- `README.md`:
Upstream updated its README, while we have a completely different one.
Kept our README.
- `app/controllers/concerns/web_app_controller_concern.rb`:
Conflict because of glitch-soc's theming system.
Additionally, glitch-soc has different behavior regarding moved accounts.
Ported some of the changes, but kept our overall behavior.
- `app/javascript/packs/admin.js`:
Code changes actually applied to `app/javascript/core/admin.js`
|
|
* Fix possible race conditions when suspending/unsuspending accounts
* Fix tests
Tests were assuming SuspensionWorker and UnsuspensionWorker would do the
suspending/unsuspending themselves, but this has changed.
|
|
* Fix home tl contains post from who blocked me
* Add test
* Fix feed_manager's build_crutches
blocked_by was not includes status' owner
* Add test for status from I blocked
* Fix typo
|
|
* Fix ・ detection in hashtag regex to construct hashtag correctly
* Fixed rubocop liniting issues
* More rubocop linting fix
|
|
Conflicts:
- `README.md`:
Discarded upstream changes: we have our own README
- `app/controllers/follower_accounts_controller.rb`:
Port upstream's minor refactoring
|
|
* Add requested_by to relationship maps
* Display whether an account has requested to follow you on their profile
|
|
(#22135)
* Fix changing domain block severity not undoing individual account effects
Fixes #22133
* Add tests
|
|
* Save avatar or header correctly if other one fails
* Fix test
|
|
* Use Rails tag API to build RSS feed for spoilers and polls
While the previous method did not contain a bug or a potential issue,
the tag API can be very resilient against future problems and reduces the
amount of manual management of the escape status of the content.
I've added tests to ensure that the formatting is broken and still
escapes control characters correctly.
* this seems cleaner and passes
* Incorporate feedback by moving the br to its own line and using the tag helper over the string constant for the br tag itself
* whoops, tag helper doesn't use a self-closing tag
|
|
enviroment -> environment
|
|
* Clear sessions on password change
* Rename User::clear_sessions to revoke_access for a clearer meaning
* Add reset paassword controller test
* Use User.find instead of User.find_for_authentication for reset password test
* Use redirect and render for better test meaning in reset password
Co-authored-by: Effy Elden <effy@effy.space>
|
|
* add json-schema to :test in Gemfile
* Create node_info_2.0_schema.json
* test match_response_schema
* Create match_response_schema.rb
* Update nodeinfo_controller_spec.rb
* Rename spec/support/node_info_2.0_schema.json to spec/support/schema/node_info_2.0_schema.json
* Update match_response_schema.rb
* cleanup
* additionally validate the json schema itself
disable throwing errors
test the schema matcher
* rename nodeinfo schema to nodeinfo_2.0
* use Rails.root.join to construct the path
* prettify json
* sync Gemfile.lock
|
|
Conflicts:
- `app/models/concerns/domain_materializable.rb`:
Fixed a code style issue upstream in a PR that got merged in glitch-soc
earlier.
Changed the code to match upstream's.
|
|
* Fix 500 error when trying to migrate to an invalid address
* Add tests
|
|
* Log admin approve and reject account
* Add unit tests for approve and reject logging
|
|
* Fix trying to fetch posts from other users when fetching featured posts
* Rate-limit discovery of new subdomains
* Put a limit on recursively discovering new accounts
|
|
Fixes #21965
|
|
* Fix trying to fetch posts from other users when fetching featured posts
* Rate-limit discovery of new subdomains
* Put a limit on recursively discovering new accounts
|
|
* Use a tree‐based approach for adv. text formatting
Sanitizing HTML/Markdown means parsing the content into an HTML tree
under‐the‐hood anyway, and it is more accurate to do mention/hashtag
replacement on the text nodes in that tree than it is to try to hack it
in with regexes et cetera.
This undoes the overrides of `#entities` and `#rewrite` on
`AdvancedTextFormatter` but also stops using them, instead keeping
track of the parsed Nokogiri tree itself and using that in the `#to_s`
method.
Internally, this tree uses `<mastodon-entity>` nodes to keep track of
hashtags, links, and mentions. Sanitization is moved to the beginning,
so it should be known that these do not appear in the input.
* Also disallow entities inside of `<code>`
I think this is generally expected behaviour, and people are annoyed
when their code gets turned into links/hashtags/mentions.
* Minor cleanup to AdvancedTextFormatter
* Change AdvancedTextFormatter to rewrite entities in one pass and sanitize at the end
Also, minor refactoring to better match how other formatters are organized.
* Add some tests
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Conflicts:
- `README.md`:
Our README is completely different.
Discarded upstream changes.
|
|
* Fix attachments of edited statuses not being fetched
* Fix tests
|
|
|
|
Fixes regression from #20860
|
|
* Don't allow URLs that contain non-normalized paths to be verified
This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".
Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.
* missing do
|
|
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream changed how docker images were built, including how
they were cached.
I don't know much about it, so applied upstream's changes.
- `app/controllers/admin/domain_blocks_controller.rb`:
The feature, that was in glitch-soc, got backported upstream.
It also had a few fixes upstream, so those have been ported!
- `app/javascript/packs/admin.js`:
Glitch-soc changes have been backported upstream. As a result,
some code from `app/javascript/core/admin.js` got added upstream.
Kept our version since our shared Javascript already has that feature.
- `app/models/user.rb`:
Upstream added something to distinguish unusable and unusable-because-moved
accounts, while glitch-soc considers moved accounts usable.
Took upstream's code for `functional_or_moved?` and made `functional?`
call it.
- `app/views/statuses/_simple_status.html.haml`:
Upstream cleaned up code style a bit, on a line that we had custom changes
for.
Applied upstream's change while keeping our change.
- `config/initializers/content_security_policy.rb`:
Upstream adopted one CSP directive we already had.
The conflict is because of our files being structurally different, but the
change itself was already part of glitch-soc.
Kept our version.
|
|
* Fix style for hashes
Make the style for hashes consistent.
* New style
More consistency
|
|
additional fixes (#20597)
* Allow import/export of instance-level domain blocks/allows (#1754)
* Allow import/export of instance-level domain blocks/allows.
Fixes #15095
* Pacify circleci
* Address simple code review feedback
* Add headers to exported CSV
* Extract common import/export functionality to
AdminExportControllerConcern
* Add additional fields to instance-blocked domain export
* Address review feedback
* Split instance domain block/allow import/export into separate pages/controllers
* Address code review feedback
* Pacify DeepSource
* Work around Paperclip::HasAttachmentFile for Rails 6
* Fix deprecated API warning in export tests
* Remove after_commit workaround
(cherry picked from commit 94e98864e39c010635e839fea984f2b4893bef1a)
* Add confirmation page when importing blocked domains (#1773)
* Move glitch-soc-specific strings to glitch-soc-specific locale files
* Add confirmation page when importing blocked domains
(cherry picked from commit b91196f4b73fff91997b8077619ae25b6d04a59e)
* Fix authorization check in domain blocks controller
(cherry picked from commit 75279377583c6e2aa04cc8d7380c593979630b38)
* Fix error strings for domain blocks and email-domain blocks
Corrected issue with non-error message used for Mastodon:NotPermittedError in Domain Blocks
Corrected issue Domain Blocks using the Email Domain Blocks message on ActionContoller::ParameterMissing
Corrected issue with Email Domain Blocks using the not_permitted string from "custom emojii's"
* Ran i18n-tasks normalize to address test failure
* Removed unused admin.export_domain_blocks.not_permitted string
Removing unused string as indicated by Check i18n
* Fix tests
(cherry picked from commit 9094c2f52c24e1c00b594e7c11cd00e4a07eb431)
* Fix domain block export not exporting blocks with only media rejection
(cherry picked from commit 26ff48ee48a5c03a2a4b0bd03fd322529e6bd960)
* Fix various issues with domain block import
- stop using Paperclip for processing domain allow/block imports
- stop leaving temporary files
- better error handling
- assume CSV files are UTF-8-encoded
(cherry picked from commit cad824d8f501b95377e4f0a957e5a00d517a1902)
Co-authored-by: Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
|
Before this change, the following error would cause VerifyAccountLinksWorker to fail:
NoMethodError: undefined method `downcase' for nil:NilClass
[PROJECT_ROOT]/app/services/verify_link_service.rb:31 :in `block in link_back_present?`
|
|
Conflicts:
- `Gemfile`:
Upstream removed blank lines.
|
|
|
|
Conflicts:
- `app/views/admin/announcements/edit.html.haml`:
Upstream change too close to theming-related glitch-soc change.
Ported upstream changes.
- `app/views/admin/announcements/new.html.haml`
Upstream change too close to theming-related glitch-soc change.
Ported upstream changes.
|
|
* Move V2 Filter methods under /api/v2 prefix
* move over the tests too
|
|
Fix #19175
|
