Commit graph

5483 commits

Author SHA1 Message Date
Thibaut Girka
0631c9ed7c [Glitch] Fixes 8987 broken alignment at "Remote interaction dialog"
Port 024326e6e6 to glitch-soc
2018-10-22 18:31:50 +02:00
Thibaut Girka
d779b09ed7 [Glitch] RTL: fix admin account margins in about page
Port 3d51268c4c to glitch-soc
2018-10-22 18:31:50 +02:00
Thibaut Girka
d804ed1dd4 [Glitch] undo part of PR 8202 to fix RTL
Port 96696a40ff to glitch-soc
2018-10-22 18:22:01 +02:00
Thibaut Girka
2ecd3d97ba [Glitch] Improve style of notice/alert messages
Port ce6772690f to glitch-soc
2018-10-22 18:20:43 +02:00
Thibaut Girka
415822a849 Keep new DMs in home feeds and in the old DM timeline
Revert server-side part of 8efdf1a898
2018-10-22 18:15:51 +02:00
Thibaut Girka
46259a36d0 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- .github/ISSUE_TEMPLATE/bug_report.md
  Took our version.
- CONTRIBUTING.md
  Updated the embedded copy of upstream's version.
- README.md
  Took our version.
- app/policies/status_policy.rb
  Not a real conflict, took code from both.
- app/views/layouts/embedded.html.haml
  Added upstream's changes (dns-prefetch) and fixed
  `%body.embed`
- app/views/settings/preferences/show.html.haml
  Reverted some of upstream changes, as we have a
  page dedicated for flavours and skins.
- config/initializers/content_security_policy.rb
  Kept our version of the CSP.
- config/initializers/doorkeeper.rb
  Not a real conflict, took code from both.
2018-10-22 17:51:38 +02:00
Masoud Abkenar
4bfec4b32d RTL: remove blank character inside bdi (#9038)
* RTL: remove blank character inside bdi

* Update app/javascript/mastodon/components/display_name.js

Co-Authored-By: mabkenar <ampbox@gmail.com>
2018-10-22 01:04:32 +02:00
ThibG
f14067368f Fix og:url on toots' public view (#9047)
Fixes #9045
2018-10-21 22:52:10 +02:00
Masoud Abkenar
eb62f72990 RTL: fix cardbar margins and alignment (#9044) 2018-10-21 18:37:57 +02:00
Masoud Abkenar
a105bf8516 RTL: fix admin account avatar margin in about page (#9039)
* RTL: fix admin account avatar margin in about page

* fix code style
2018-10-21 16:45:08 +02:00
Thibaut Girka
085c41ebf2 Put a video camera emoji or a picture frame emoji instead of “.”
This uses the same logic as the status icons in the glitch flavor.
2018-10-21 16:09:18 +02:00
Thibaut Girka
88cd14802d Do not move CWs to toot body when toot body is empty
Fixes #395

Instead of leaving the toot body blank, it replaces it with a single “.” in
order for the fold/unfold CW behavior to not look *too* weird on upstream
Mastodon. Note that this does not fix upstream's CW-dropping behavior, as
that is decided at the time the toot is posted, not received.
2018-10-21 16:09:18 +02:00
Thibaut Girka
3d8c1f6104 Attempt at fixing inline video player 2018-10-21 16:09:07 +02:00
Thibaut Girka
9614abc713 Update mediaGallery component's width when opening CWs 2018-10-21 16:09:07 +02:00
Masoud Abkenar
26c662792c RTL: fix column settings toggle label (#9037) 2018-10-21 20:31:40 +09:00
kedama
45b8a91983 Fix domain label position and color (#9033)
* Fix position of the domain label

* Fix position of the domain label for RTL

- Fix color mismatch of linear gradient which assigned to "::after" pseudo class
2018-10-21 14:35:25 +09:00
Thibaut Girka
8c2027ebe2 Force sensitive content flag when posting a toot with a CW
Indeed, when the “Always enable the Content Warning field” setting is enabled,
sending a content-less toot with a CW would move the CW to the toot's content
and leave the toot not marked as sensitive.
2018-10-20 17:06:21 +02:00
Thibaut Girka
1cb7fe932d Focus the UI when pressing Escape in the CW field 2018-10-20 15:00:39 +02:00
Eugen Rochko
40d23fc4d1 Add option to block reports from domain (#8830) 2018-10-20 08:02:44 +02:00
Eugen Rochko
9ccae7feff Add "disable" button to report screen (#9024)
* Add "disable" button to report screen

* i18n-tasks remove-unused
2018-10-20 02:39:39 +02:00
Eugen Rochko
9309e5981d Redesign direct messages column (#9022) 2018-10-20 02:23:58 +02:00
Masoud Abkenar
6b1f1c32c5 RTL: fix preferences layout (#9021) 2018-10-20 01:05:17 +02:00
bsky
064b26f03c Fix admin account avatar margin (#9020) 2018-10-19 20:35:42 +02:00
Masoud Abkenar
4a95304331 RTL: fix user stats in about page (#9018) 2018-10-19 20:16:13 +09:00
Eugen Rochko
e3b2234382 Add unread indicator to conversations (#9009) 2018-10-19 01:47:29 +02:00
takayamaki
8f0c64baf1 fix: initial state of PrivacyDropdown is should not be null (#9008) 2018-10-19 00:00:19 +02:00
Masoud Abkenar
ec15808edd RTL: fix domain append at signup form (#9007) 2018-10-18 21:19:31 +02:00
ThibG
b420d15a9b Fix fav/boosts hotkeys not working on detailed statuses (#9006) 2018-10-18 19:52:00 +02:00
Thibaut Girka
a8e896af12 Fix fav/boosts hotkeys not working on detailed statuses 2018-10-18 19:00:59 +02:00
Masoud Abkenar
3d51268c4c RTL: fix admin account margins in about page (#9005) 2018-10-18 14:35:49 +02:00
Eugen Rochko
92b93a12cb Do not show "limited" visibility in default visibility preference (#8999)
* Do not show "limited" visibility in default visibility preference

Fix regression from #8950

* Fix code style issue
2018-10-17 22:04:40 +02:00
Eugen Rochko
654520ec8c Improve support for aspects/circles (#8950)
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
2018-10-17 17:13:04 +02:00
ThibG
6e5f9ee743 Handle global hotkeys even when no element has focus (#8998)
This fixes hotkeys not working when pressing the column
“back” button, for instance.
2018-10-17 16:56:16 +02:00
Quint Guvernator
96388bae5f always allow DMs from staff (#8993) 2018-10-16 19:55:05 +02:00
Eugen Rochko
2a43a09ec0 Improve form for selecting media display preference (#8965)
Regression from #8569
2018-10-16 14:07:54 +02:00
Masoud Abkenar
024326e6e6 Fixes 8987 broken alignment at "Remote interaction dialog" (#8988) 2018-10-15 16:09:08 +02:00
Masoud Abkenar
96696a40ff undo part of PR 8202 to fix RTL (#8979) 2018-10-15 04:39:20 +02:00
Thibaut Girka
ccf5ddfd88 Handle alt+enter in the spoiler input as shortcut for secondary post
Fixes #780
2018-10-14 12:00:21 +02:00
Eugen Rochko
ce6772690f Improve style of notice/alert messages (#8973) 2018-10-13 01:51:30 +02:00
Eugen Rochko
c04048aae8 Weblate translations (2018-10-12) (#8972)
* Translated using Weblate (Welsh)

Currently translated at 64.4% (448 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cy/

* Translated using Weblate (Arabic)

Currently translated at 98.0% (682 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (French)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/fr/

* Translated using Weblate (Arabic)

Currently translated at 94.3% (82 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ar/

* Translated using Weblate (Welsh)

Currently translated at 88.7% (297 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/cy/

* Translated using Weblate (French)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fr/

* Translated using Weblate (French)

Currently translated at 100,0% (87 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fr/

* Translated using Weblate (Czech)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/cs/

* Translated using Weblate (Czech)

Currently translated at 100.0% (87 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/cs/

* Translated using Weblate (Czech)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cs/

* Translated using Weblate (Persian)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fa/

* Translated using Weblate (Arabic)

Currently translated at 94.6% (88 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ar/

* Translated using Weblate (Arabic)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ar/

* Translated using Weblate (Czech)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/cs/

* Translated using Weblate (Galician)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/gl/

* Translated using Weblate (Galician)

Currently translated at 100,0% (696 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/gl/

* Translated using Weblate (Greek)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/el/

* Translated using Weblate (Greek)

Currently translated at 98.8% (331 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/el/

* Translated using Weblate (Greek)

Currently translated at 99.7% (694 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/el/

* Translated using Weblate (Persian)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fa/

* Translated using Weblate (Czech)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cs/

* Translated using Weblate (French)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fr/

* Translated using Weblate (French)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/fr/

* Translated using Weblate (Japanese)

Currently translated at 99.4% (692 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Corsican)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/co/

* Translated using Weblate (Corsican)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/co/

* Translated using Weblate (German)

Currently translated at 99.6% (693 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/de/

* Translated using Weblate (German)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/de/

* Translated using Weblate (Japanese)

Currently translated at 99.4% (692 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Japanese)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Japanese)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ja/

* Translated using Weblate (Japanese)

Currently translated at 94.6% (88 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ja/

* i18n-tasks normalize

* yarn manage:translations
2018-10-13 01:51:14 +02:00
Thibaut Girka
794b2dad99 Fix auto-unfold CWs when no regexp is set
Fixes #778
2018-10-12 23:34:26 +02:00
Thibaut Girka
dbc1b36b61 Allow selecting both default flavour and theme
Fixes #672
2018-10-12 19:06:35 +02:00
Eugen Rochko
27376e2457 Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit 65d1a2d10a.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 07:00:41 +02:00
Eugen Rochko
2a36092328 Display customized mascot in web UI and fix admin form for it (#8964)
Follow-up to #8766
2018-10-12 04:04:08 +02:00
Eugen Rochko
3ede0e8b95 Fix missing protocol in dns-prefetch, improve code style (#8963)
Regression from #8942
2018-10-12 02:19:10 +02:00
Eugen Rochko
bf125acdb0 Fix microformats on statuses according to updated spec (#8958) 2018-10-12 02:04:07 +02:00
Eugen Rochko
735a43bdea Fix type of conversation ID in conversations API (#8961) 2018-10-12 01:36:51 +02:00
Eugen Rochko
0a5b65533d Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit 65d1a2d10a.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 00:15:55 +02:00
ThibG
10ed0ddd2a Merge pull request #775 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2018-10-11 21:28:03 +02:00
ThibG
51c53e709f Set Content-Security-Policy rules through RoR's config (#8957)
* Set CSP rules in RoR's configuration

* Override CSP setting in the embed controller to allow frames
2018-10-11 20:35:46 +02:00