From c6c7c6223d92fb43033735d2b754dd360feaf3d9 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 10 Nov 2022 21:09:03 +0100 Subject: Change verification to only work for https links (#20304) Fix #20242 --- app/models/account/field.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/models') diff --git a/app/models/account/field.rb b/app/models/account/field.rb index d74f90b2b..e84a0eeb1 100644 --- a/app/models/account/field.rb +++ b/app/models/account/field.rb @@ -3,7 +3,7 @@ class Account::Field < ActiveModelSerializers::Model MAX_CHARACTERS_LOCAL = 255 MAX_CHARACTERS_COMPAT = 2_047 - ACCEPTED_SCHEMES = %w(http https).freeze + ACCEPTED_SCHEMES = %w(https).freeze attributes :name, :value, :verified_at, :account -- cgit From 86f6631d283423746b8fdf0a618f6e0abafea099 Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 10 Nov 2022 22:30:00 +0100 Subject: Remove dead code and refactor status threading code (#20357) * Remove dead code * Remove unneeded/broken parameters and refactor descendant computation --- app/controllers/api/v1/statuses_controller.rb | 2 +- .../concerns/status_controller_concern.rb | 87 ---------------------- app/controllers/statuses_controller.rb | 1 - app/models/concerns/status_threading_concern.rb | 21 ++---- 4 files changed, 9 insertions(+), 102 deletions(-) delete mode 100644 app/controllers/concerns/status_controller_concern.rb (limited to 'app/models') diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index b43b6f1a7..6290a1746 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -40,7 +40,7 @@ class Api::V1::StatusesController < Api::BaseController end ancestors_results = @status.in_reply_to_id.nil? ? [] : @status.ancestors(ancestors_limit, current_account) - descendants_results = @status.descendants(descendants_limit, current_account, nil, nil, descendants_depth_limit) + descendants_results = @status.descendants(descendants_limit, current_account, descendants_depth_limit) loaded_ancestors = cache_collection(ancestors_results, Status) loaded_descendants = cache_collection(descendants_results, Status) diff --git a/app/controllers/concerns/status_controller_concern.rb b/app/controllers/concerns/status_controller_concern.rb deleted file mode 100644 index 62a7cf508..000000000 --- a/app/controllers/concerns/status_controller_concern.rb +++ /dev/null @@ -1,87 +0,0 @@ -# frozen_string_literal: true - -module StatusControllerConcern - extend ActiveSupport::Concern - - ANCESTORS_LIMIT = 40 - DESCENDANTS_LIMIT = 60 - DESCENDANTS_DEPTH_LIMIT = 20 - - def create_descendant_thread(starting_depth, statuses) - depth = starting_depth + statuses.size - - if depth < DESCENDANTS_DEPTH_LIMIT - { - statuses: statuses, - starting_depth: starting_depth, - } - else - next_status = statuses.pop - - { - statuses: statuses, - starting_depth: starting_depth, - next_status: next_status, - } - end - end - - def set_ancestors - @ancestors = @status.reply? ? cache_collection(@status.ancestors(ANCESTORS_LIMIT, current_account), Status) : [] - @next_ancestor = @ancestors.size < ANCESTORS_LIMIT ? nil : @ancestors.shift - end - - def set_descendants - @max_descendant_thread_id = params[:max_descendant_thread_id]&.to_i - @since_descendant_thread_id = params[:since_descendant_thread_id]&.to_i - - descendants = cache_collection( - @status.descendants( - DESCENDANTS_LIMIT, - current_account, - @max_descendant_thread_id, - @since_descendant_thread_id, - DESCENDANTS_DEPTH_LIMIT - ), - Status - ) - - @descendant_threads = [] - - if descendants.present? - statuses = [descendants.first] - starting_depth = 0 - - descendants.drop(1).each_with_index do |descendant, index| - if descendants[index].id == descendant.in_reply_to_id - statuses << descendant - else - @descendant_threads << create_descendant_thread(starting_depth, statuses) - - # The thread is broken, assume it's a reply to the root status - starting_depth = 0 - - # ... unless we can find its ancestor in one of the already-processed threads - @descendant_threads.reverse_each do |descendant_thread| - statuses = descendant_thread[:statuses] - - index = statuses.find_index do |thread_status| - thread_status.id == descendant.in_reply_to_id - end - - if index.present? - starting_depth = descendant_thread[:starting_depth] + index + 1 - break - end - end - - statuses = [descendant] - end - end - - @descendant_threads << create_descendant_thread(starting_depth, statuses) - end - - @max_descendant_thread_id = @descendant_threads.pop[:statuses].first.id if descendants.size >= DESCENDANTS_LIMIT - end -end diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index bb4e5b01f..9eb7ad691 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -2,7 +2,6 @@ class StatusesController < ApplicationController include WebAppControllerConcern - include StatusControllerConcern include SignatureAuthentication include Authorization include AccountOwnedConcern diff --git a/app/models/concerns/status_threading_concern.rb b/app/models/concerns/status_threading_concern.rb index 5c04108e4..8b628beea 100644 --- a/app/models/concerns/status_threading_concern.rb +++ b/app/models/concerns/status_threading_concern.rb @@ -7,8 +7,8 @@ module StatusThreadingConcern find_statuses_from_tree_path(ancestor_ids(limit), account) end - def descendants(limit, account = nil, max_child_id = nil, since_child_id = nil, depth = nil) - find_statuses_from_tree_path(descendant_ids(limit, max_child_id, since_child_id, depth), account, promote: true) + def descendants(limit, account = nil, depth = nil) + find_statuses_from_tree_path(descendant_ids(limit, depth), account, promote: true) end def self_replies(limit) @@ -50,22 +50,17 @@ module StatusThreadingConcern SQL end - def descendant_ids(limit, max_child_id, since_child_id, depth) - descendant_statuses(limit, max_child_id, since_child_id, depth).pluck(:id) - end - - def descendant_statuses(limit, max_child_id, since_child_id, depth) + def descendant_ids(limit, depth) # use limit + 1 and depth + 1 because 'self' is included depth += 1 if depth.present? limit += 1 if limit.present? - descendants_with_self = Status.find_by_sql([<<-SQL.squish, id: id, limit: limit, max_child_id: max_child_id, since_child_id: since_child_id, depth: depth]) - WITH RECURSIVE search_tree(id, path) - AS ( + descendants_with_self = Status.find_by_sql([<<-SQL.squish, id: id, limit: limit, depth: depth]) + WITH RECURSIVE search_tree(id, path) AS ( SELECT id, ARRAY[id] FROM statuses - WHERE id = :id AND COALESCE(id < :max_child_id, TRUE) AND COALESCE(id > :since_child_id, TRUE) - UNION ALL + WHERE id = :id + UNION ALL SELECT statuses.id, path || statuses.id FROM search_tree JOIN statuses ON statuses.in_reply_to_id = search_tree.id @@ -77,7 +72,7 @@ module StatusThreadingConcern LIMIT :limit SQL - descendants_with_self - [self] + descendants_with_self.pluck(:id) - [id] end def find_statuses_from_tree_path(ids, account, promote: false) -- cgit From 9bc0a6c861e07d0112ef2e5ccd28adeca868bdbe Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Fri, 11 Nov 2022 09:20:10 +0100 Subject: Fix metadata scrubbing removing color profile from images (#20389) --- app/models/concerns/account_avatar.rb | 2 +- app/models/concerns/account_header.rb | 2 +- app/models/custom_emoji.rb | 2 +- app/models/media_attachment.rb | 2 +- app/models/preview_card.rb | 4 ++-- app/models/preview_card_provider.rb | 2 +- app/models/site_upload.rb | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) (limited to 'app/models') diff --git a/app/models/concerns/account_avatar.rb b/app/models/concerns/account_avatar.rb index 0cfd9167c..e9b8b4adb 100644 --- a/app/models/concerns/account_avatar.rb +++ b/app/models/concerns/account_avatar.rb @@ -18,7 +18,7 @@ module AccountAvatar included do # Avatar upload - has_attached_file :avatar, styles: ->(f) { avatar_styles(f) }, convert_options: { all: '-strip' }, processors: [:lazy_thumbnail] + has_attached_file :avatar, styles: ->(f) { avatar_styles(f) }, convert_options: { all: '+profile "!icc,*" +set modify-date +set create-date' }, processors: [:lazy_thumbnail] validates_attachment_content_type :avatar, content_type: IMAGE_MIME_TYPES validates_attachment_size :avatar, less_than: LIMIT remotable_attachment :avatar, LIMIT, suppress_errors: false diff --git a/app/models/concerns/account_header.rb b/app/models/concerns/account_header.rb index a8c0a28ef..0d197abfc 100644 --- a/app/models/concerns/account_header.rb +++ b/app/models/concerns/account_header.rb @@ -19,7 +19,7 @@ module AccountHeader included do # Header upload - has_attached_file :header, styles: ->(f) { header_styles(f) }, convert_options: { all: '-strip' }, processors: [:lazy_thumbnail] + has_attached_file :header, styles: ->(f) { header_styles(f) }, convert_options: { all: '+profile "!icc,*" +set modify-date +set create-date' }, processors: [:lazy_thumbnail] validates_attachment_content_type :header, content_type: IMAGE_MIME_TYPES validates_attachment_size :header, less_than: LIMIT remotable_attachment :header, LIMIT, suppress_errors: false diff --git a/app/models/custom_emoji.rb b/app/models/custom_emoji.rb index 7b19cd2ac..304805659 100644 --- a/app/models/custom_emoji.rb +++ b/app/models/custom_emoji.rb @@ -37,7 +37,7 @@ class CustomEmoji < ApplicationRecord belongs_to :category, class_name: 'CustomEmojiCategory', optional: true has_one :local_counterpart, -> { where(domain: nil) }, class_name: 'CustomEmoji', primary_key: :shortcode, foreign_key: :shortcode - has_attached_file :image, styles: { static: { format: 'png', convert_options: '-coalesce -strip' } }, validate_media_type: false + has_attached_file :image, styles: { static: { format: 'png', convert_options: '-coalesce +profile "!icc,*" +set modify-date +set create-date' } }, validate_media_type: false before_validation :downcase_domain diff --git a/app/models/media_attachment.rb b/app/models/media_attachment.rb index a6e090f4c..7aa8658d9 100644 --- a/app/models/media_attachment.rb +++ b/app/models/media_attachment.rb @@ -167,7 +167,7 @@ class MediaAttachment < ApplicationRecord }.freeze GLOBAL_CONVERT_OPTIONS = { - all: '-quality 90 -strip +set modify-date +set create-date', + all: '-quality 90 +profile "!icc,*" +set modify-date +set create-date', }.freeze belongs_to :account, inverse_of: :media_attachments, optional: true diff --git a/app/models/preview_card.rb b/app/models/preview_card.rb index b5d3f9c8f..56ca62d5e 100644 --- a/app/models/preview_card.rb +++ b/app/models/preview_card.rb @@ -50,7 +50,7 @@ class PreviewCard < ApplicationRecord has_and_belongs_to_many :statuses has_one :trend, class_name: 'PreviewCardTrend', inverse_of: :preview_card, dependent: :destroy - has_attached_file :image, processors: [:thumbnail, :blurhash_transcoder], styles: ->(f) { image_styles(f) }, convert_options: { all: '-quality 80 -strip' }, validate_media_type: false + has_attached_file :image, processors: [:thumbnail, :blurhash_transcoder], styles: ->(f) { image_styles(f) }, convert_options: { all: '-quality 90 +profile "!icc,*" +set modify-date +set create-date' }, validate_media_type: false validates :url, presence: true, uniqueness: true validates_attachment_content_type :image, content_type: IMAGE_MIME_TYPES @@ -122,7 +122,7 @@ class PreviewCard < ApplicationRecord original: { geometry: '400x400>', file_geometry_parser: FastGeometryParser, - convert_options: '-coalesce -strip', + convert_options: '-coalesce', blurhash: BLURHASH_OPTIONS, }, } diff --git a/app/models/preview_card_provider.rb b/app/models/preview_card_provider.rb index 15b24e2bd..d61fe6020 100644 --- a/app/models/preview_card_provider.rb +++ b/app/models/preview_card_provider.rb @@ -25,7 +25,7 @@ class PreviewCardProvider < ApplicationRecord validates :domain, presence: true, uniqueness: true, domain: true - has_attached_file :icon, styles: { static: { format: 'png', convert_options: '-coalesce -strip' } }, validate_media_type: false + has_attached_file :icon, styles: { static: { format: 'png', convert_options: '-coalesce +profile "!icc,*" +set modify-date +set create-date' } }, validate_media_type: false validates_attachment :icon, content_type: { content_type: ICON_MIME_TYPES }, size: { less_than: LIMIT } remotable_attachment :icon, LIMIT diff --git a/app/models/site_upload.rb b/app/models/site_upload.rb index d3b81d4d5..167131fdd 100644 --- a/app/models/site_upload.rb +++ b/app/models/site_upload.rb @@ -40,7 +40,7 @@ class SiteUpload < ApplicationRecord mascot: {}.freeze, }.freeze - has_attached_file :file, styles: ->(file) { STYLES[file.instance.var.to_sym] }, convert_options: { all: '-coalesce -strip' }, processors: [:lazy_thumbnail, :blurhash_transcoder, :type_corrector] + has_attached_file :file, styles: ->(file) { STYLES[file.instance.var.to_sym] }, convert_options: { all: '-coalesce +profile "!icc,*" +set modify-date +set create-date' }, processors: [:lazy_thumbnail, :blurhash_transcoder, :type_corrector] validates_attachment_content_type :file, content_type: /\Aimage\/.*\z/ validates :file, presence: true -- cgit From 96f51e593f2609579b8155d971bcbc5ab9e7cd4c Mon Sep 17 00:00:00 2001 From: Emily Strickland Date: Fri, 11 Nov 2022 12:22:28 -0800 Subject: Guard against error extracting `body` from URL (#20428) If `Nokogiri::HTML(value).at_xpath('//body')` fails to find the `body` element, it will return `nil`. We can guard against that with an early return. Avoids calling `children` on `Nilclass` in those cases. --- app/models/account/field.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'app/models') diff --git a/app/models/account/field.rb b/app/models/account/field.rb index e84a0eeb1..ffc8dce80 100644 --- a/app/models/account/field.rb +++ b/app/models/account/field.rb @@ -76,6 +76,7 @@ class Account::Field < ActiveModelSerializers::Model def extract_url_from_html doc = Nokogiri::HTML(value).at_xpath('//body') + return if doc.nil? return if doc.children.size > 1 element = doc.children.first -- cgit From c4c1bee8807e3548ff1f2b231a3cca647d9e8a62 Mon Sep 17 00:00:00 2001 From: Jeong Arm Date: Sat, 12 Nov 2022 05:24:10 +0900 Subject: Fix trendable status without review (#20214) --- app/models/account.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/models') diff --git a/app/models/account.rb b/app/models/account.rb index cc3a8f3df..fc7359cfc 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -256,7 +256,7 @@ class Account < ApplicationRecord update!(memorial: true) end - def trendable + def trendable? boolean_with_default('trendable', Setting.trendable_by_default) end -- cgit