Commit graph

1001 commits

Author SHA1 Message Date
Claire
84bc751433 Merge commit '6a19d5ce9942686e0cda1a9decec349d0a1f4e26' into glitch-soc/merge-upstream
Conflicts:
- `app/controllers/authorize_interactions_controller.rb`:
  Small conflict due to our theming system.
- `streaming/index.js`:
  Upstream refactored part of the streaming server.
  We had some extra logic for handling local-only posts.
  Applied the refactor.
2023-07-30 16:11:55 +02:00
Claire
1039fce896 Merge commit '5a5d8a97579bf2da481871588425734678019f52' into glitch-soc/merge-upstream 2023-07-30 14:33:28 +02:00
Claire
db809f8789 Merge commit 'f3127af389f6043fe19c9ef4addefb6c6da0095a' into glitch-soc/merge-upstream
Conflicts:
- `app/views/layouts/application.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
- `app/views/layouts/embedded.html.haml`:
  Upstream removed the `crossorigin` attribute from `preload_pack_asset`.
  Glitch-soc had different calls to `preload_pack_asset` because of the
  different theming system.
  Ported the change.
2023-07-30 13:42:06 +02:00
Misty De Méo
a4cdbc52b1 Storage: add :azure to remaining callers (#26080) 2023-07-27 16:13:45 +02:00
Claire
20809d5d8c Change interaction modal in web UI (#26075)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-27 16:11:17 +02:00
Claire
21ce598a57 Bump version to v4.1.5 (#26108) 2023-07-21 21:23:14 +02:00
Renaud Chaput
f31a9bd78e Fix the crossorigin attribute (#26096) 2023-07-21 11:14:26 +02:00
Claire
1399e9d863 Merge commit '6ee7c03b282663700b2e3f2f83b57b163aac2a35' into glitch-soc/merge-upstream
Conflicts:
- `db/migrate/20180831171112_create_bookmarks.rb`:
  Upstream ran a lint fix on this file, but this file is different in
  glitch-soc because the feature was added much earlier.
  Ran the lint fix on our own version of the file.
2023-07-12 16:03:05 +02:00
Matt Jankowski
034a6a0dd4 Refactor Snowflake to avoid brakeman sql injection warnings (#25879) 2023-07-12 10:44:58 +02:00
Matt Jankowski
d98717ceef Fix Style/SlicingWithRange cop (#25923) 2023-07-12 10:03:06 +02:00
Nick Schonning
96a8aa32ad Enable Rubocop Style/FrozenStringLiteralComment (#23793) 2023-07-12 09:47:08 +02:00
Claire
9ba89aeeb5 Merge branch 'main' into glitch-soc/merge-upstream
Conflicts:
- `.github/workflows/build-image.yml`:
  Upstream attempted something with tags.
  Kept our version.
2023-07-07 19:59:43 +02:00
Claire
784f7fb497 Bump version to v4.1.4 (#25805) 2023-07-07 19:42:03 +02:00
Claire
d979d9fe49 Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 18:10:00 +02:00
Claire
3581e4be49 Merge branch 'main' into glitch-soc/merge-upstream 2023-07-06 15:16:34 +02:00
Claire
8f62bea002 Bump version to v4.1.3 (#25757) 2023-07-06 15:14:42 +02:00
Claire
3445bdfa45 Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
96dcfa9745 Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire
5154acdb9f Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:31:37 +02:00
Claire
b7af3115a7 Merge commit '3d50947e62272e3da4365e0b751e4e45c1d9bac6' into glitch-soc/merge-upstream
Conflicts:
- `app/models/user_settings.rb`:
  Upstream added a constraint on a setting textually close
  to glitch-soc-only settings.
  Applied upstream's change.
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream added support for the `translate` attribute on a few elements,
  where glitch-soc had a different set of allowed elements and attributes.
  Extended glitch-soc's allowed attributes with `translate` as upstream did.
- `spec/validators/status_length_validator_spec.rb`:
  Upstream refactored to use RSpec's `instance_double` instead of `double`,
  but glitch-soc had changes to tests due to configurable max toot chars.
  Applied upstream's changes while keeping tests against configurable max
  toot chars.
2023-06-25 14:27:38 +02:00
Claire
4e861795a4 Add translate="no" to outgoing mentions and links (#25524) 2023-06-20 18:10:19 +02:00
Plastikmensch
02ff7c5f3d Re-allow title attribute in <abbr> (#2254)
* Re-allow title attribute in <abbr>

This was accidentally removed in a6363c3a2a

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

* Add test

Add a new test to check that title attribute on <abbr> is kept.

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>

---------

Signed-off-by: Plastikmensch <plastikmensch@users.noreply.github.com>
2023-06-19 18:01:35 +02:00
Claire
f101b67a45 Merge commit '239ee4f5d10aaa30b52cc59a58b2dc33fea5615f' into glitch-soc/merge-upstream 2023-06-18 10:36:14 +02:00
Matt Jankowski
61a9504522 Add coverage for CLI::Feeds command (#25319) 2023-06-10 18:37:36 +02:00
Matt Jankowski
4d21dbfa23 Add coverage for CLI::Cache command (#25238) 2023-06-10 18:36:09 +02:00
Claire
ee1de4206a Merge commit '68d362c0fc4d41cc97e981640bef41dea6f9f79d' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/content_security_policy.rb`:
  Kept our version, it was not affected by upstream's bug.
2023-06-10 16:48:01 +02:00
Claire
085a1197da Merge commit '21f904b344e57f68dd86b91d7228bdae37e75624' into glitch-soc/merge-upstream
Conflicts:
- `config/initializers/simple_form.rb`:
  Upstream added a new simple_form component, where we had an extra one.
  Kept both components.
2023-06-10 16:22:14 +02:00
Claire
e6b6a0535e Merge commit 'a82f0363091618ddd94c76bdd36bf05f74428eee' into glitch-soc/merge-upstream 2023-06-10 15:17:08 +02:00
Nick Schonning
ef344388c5 Autofix Rubocop Regex Style rules (#23690)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 14:50:51 +02:00
Claire
bda5be1406 Merge commit '68296cfb32f6ab7baf5c8400b2bdb261d6aa3694' into glitch-soc/merge-upstream
Conflicts:
- `.rubocop_todo.yml`:
  Took upstream's changes.
2023-06-05 13:25:22 +02:00
Jed Fox
e24a587f84 Consistently use middle dot (·) instead of bullet (•) to separate items (#25248) 2023-06-02 19:58:18 +02:00
Matt Jankowski
a32c2b694f Extract verify options method in search cli (#25121) 2023-06-01 14:35:05 +02:00
Matt Jankowski
13dffb206b Add CLI area progress bar helper (#25208) 2023-06-01 14:31:24 +02:00
Matt Jankowski
d59a2b5b8e Use thor methods instead of tty prompt in maintenance cli (#25207) 2023-05-31 19:40:16 +02:00
Matt Jankowski
8cb57d28a6 Fix FormatStringToken cop in CLI (#25122) 2023-05-30 16:21:53 +02:00
Matt Jankowski
87ff2507fc Fix Rails/WhereExists cop in CLI (#25123) 2023-05-30 16:09:57 +02:00
Matt Jankowski
dccd813e6c Extract helper method for error report in cli/accounts command (#25119) 2023-05-30 16:09:15 +02:00
Matt Jankowski
35e1c074e3 Increment index which was previously not used in maintenance CLI loop (#25118) 2023-05-30 16:08:47 +02:00
Matt Jankowski
9ee55e469c Consistent usage of CLI dry_run? method (#25116) 2023-05-30 16:07:44 +02:00
Claire
53b8a15ee9 Merge branch 'main' into glitch-soc/merge-upstream 2023-05-28 17:01:25 +02:00
Claire
973743ff50 Merge commit 'b6c687abc288b3ea7fe16bf38912462c2ca1b4e4' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  We removed it from glitch-soc.
  Keep it deleted.
2023-05-28 16:41:14 +02:00
Claire
006bc485e4 Merge commit '3e747f08639a78ac86858f6a2d2fc08a05ff3365' into glitch-soc/merge-upstream 2023-05-28 15:01:53 +02:00
Matt Jankowski
95b54f5ad7 Extract methods for user de-duping in maintenance CLI (#25117) 2023-05-26 09:42:16 +02:00
Claire
ee6f9d2c92 Merge commit 'cc5d2e22dd4b7afb9035cf999979e3cd36d97e46' into glitch-soc/merge-upstream 2023-05-25 22:59:30 +02:00
Claire
245a4eac89 Improve various queries against account domains (#25126) 2023-05-25 09:27:16 +02:00
Matt Jankowski
f97a429d20 Add CLI Base class for command line code (#25106) 2023-05-24 11:55:40 +02:00
Matt Jankowski
eada85f715 Move the mastodon/*_cli files to mastodon/cli/* (#24139) 2023-05-23 16:08:26 +02:00
Nick Schonning
c4f2b1e86a Fix minor typos in comments and spec names (#21831) 2023-05-19 17:13:29 +02:00
Claire
7f078e41c0 Merge commit 'd67de22458e599447c0d5c85ecbd6fb5aef9b4f4' into glitch-soc/merge-upstream
Conflicts:
- `.github/dependabot.yml`:
  We deleted it.
  Kept it removed.
- `app/javascript/packs/public.jsx`:
  Upstream changed an import, we have slightly different ones.
  Ported upstream changes.
2023-05-09 23:12:48 +02:00
Daniel M Brasil
f7b92ed93d Add ability to block sign-ups from IP using the CLI (#24870) 2023-05-09 14:46:00 +02:00