From 13b07b88f1aa79c31291473362ac77b31602c374 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sat, 28 Nov 2020 05:17:53 +0100 Subject: Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection (#15228) --- app/views/auth/sessions/new.html.haml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'app/views') diff --git a/app/views/auth/sessions/new.html.haml b/app/views/auth/sessions/new.html.haml index ceb169408..9713bdaeb 100644 --- a/app/views/auth/sessions/new.html.haml +++ b/app/views/auth/sessions/new.html.haml @@ -22,7 +22,6 @@ .actions - resource_class.omniauth_providers.each do |provider| - = link_to omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}" do - = t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize) + = link_to t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize), omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}", method: :post .form-footer= render 'auth/shared/links' -- cgit From d849aad85206bff2058fbbd9e187b0048c793cb9 Mon Sep 17 00:00:00 2001 From: ThibG Date: Wed, 2 Dec 2020 21:21:44 +0100 Subject: Change public thread view to hide "Show thread" link (#15266) Fixes #15262 --- app/views/statuses/_simple_status.html.haml | 5 ++++- app/views/statuses/_status.html.haml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'app/views') diff --git a/app/views/statuses/_simple_status.html.haml b/app/views/statuses/_simple_status.html.haml index 192192700..d60ade22f 100644 --- a/app/views/statuses/_simple_status.html.haml +++ b/app/views/statuses/_simple_status.html.haml @@ -1,3 +1,6 @@ +:ruby + hide_show_thread ||= false + .status{ class: "status-#{status.visibility}" } .status__info = link_to ActivityPub::TagManager.instance.url_for(status), class: 'status__relative-time u-url u-uid', target: stream_link_target, rel: 'noopener noreferrer' do 
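Review bot: The added `link_to ..., method: :post` in the `omniauth_providers` loop only becomes a POST when the page's unobtrusive-JavaScript driver intercepts the click. If that script is blocked or fails to load, the anchor is followed as a plain GET, and the provider buttons stop working once the request phase refuses GET. `button_to` renders a real form carrying the authenticity token and needs no script: `= button_to t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize), omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}"`. The view change is not the protection by itself, and this diff is limited to app/views. It is worth confirming in the rest of the commit that the request phase rejects GET (for example `OmniAuth.config.allowed_request_methods = [:post]`) and verifies the token.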
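Review bot: The `hide_show_thread ||= false` default added at the top of `_simple_status.html.haml` has no comment, and `||=` on a partial local reads like an ordinary assignment rather than an optional argument. A line such as `# hide_show_thread: optional local, true when the status is already rendered inside its thread` inside the `:ruby` filter would document the contract for other callers of `statuses/simple_status`. Writing it as `hide_show_thread = local_assigns.fetch(:hide_show_thread, false)` would state the optional-local intent explicitly. The second hunk in this file (`&& !hide_show_thread`) relies on this default.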
@@ -47,7 +50,7 @@ - elsif status.preview_card = react_component :card, sensitive: sensitized?(status, current_account), 'maxDescription': 160, card: ActiveModelSerializers::SerializableResource.new(status.preview_card, serializer: REST::PreviewCardSerializer).as_json - - if !status.in_reply_to_id.nil? && status.in_reply_to_account_id == status.account.id + - if !status.in_reply_to_id.nil? && status.in_reply_to_account_id == status.account.id && !hide_show_thread = link_to ActivityPub::TagManager.instance.url_for(status), class: 'status__content__read-more-button', target: stream_link_target, rel: 'noopener noreferrer' do = t 'statuses.show_thread' diff --git a/app/views/statuses/_status.html.haml b/app/views/statuses/_status.html.haml index 650f9b679..13a06519c 100644 --- a/app/views/statuses/_status.html.haml +++ b/app/views/statuses/_status.html.haml @@ -39,7 +39,7 @@ %span = t('stream_entries.pinned') - = render (centered ? 'statuses/detailed_status' : 'statuses/simple_status'), status: status.proper, autoplay: autoplay + = render (centered ? 'statuses/detailed_status' : 'statuses/simple_status'), status: status.proper, autoplay: autoplay, hide_show_thread: is_predecessor || is_successor - if include_threads - if @since_descendant_thread_id -- cgit
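Review bot: `is_predecessor || is_successor` on the changed `render` line assumes both locals are always defined in this partial, and the top of `_status.html.haml` is outside the hunk, so that cannot be checked here. If any caller renders `statuses/status` without them and they are not defaulted, this line raises a NameError. In that case `is_predecessor ||= false` and `is_successor ||= false` belong at the top of the partial. The new local is also passed to `statuses/detailed_status` when `centered` is true, where it appears to be unused as far as this diff shows.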