2c2c075fd6
Disallow following locked accounts over OStatus
2019-07-31 20:08:59 +00:00
59e60c6db1
ostatus: explicitly disallow protocol downgrade from activitypub
...
This closes embargoed bug #1135 .
2019-07-31 18:57:52 +00:00
f685e887b3
transmogrifier: use User.delete() instead of handrolled user deletion code for remote users
...
Closes #1104
2019-07-28 23:09:55 +00:00
6a35c151c6
Fix not being able to pin unlisted posts
...
Closes #1038
2019-07-28 22:39:10 +00:00
1e5d889aec
preserve the original path/filename (no encoding/decoding) for proxy
2019-07-28 22:37:18 +00:00
ccafecf9be
try to always match the filename for proxy url
2019-07-28 22:36:42 +00:00
ed639376ac
Mastodon Controller: Fix tests.
2019-07-28 22:33:17 +00:00
8123578bf8
Status View: Poll ids are strings.
...
All ids in mastodon are strings, in general.
2019-07-28 22:33:09 +00:00
f1147a3d7f
fix backport
2019-07-14 20:02:39 +00:00
c51b2abead
HttpRequestMock: Add 404s on OStatus fetching for info.pleroma.site
2019-07-14 20:00:48 +00:00
3e298cc85a
HttpRequestMock: Add missing mocks for object containment tests
2019-07-14 20:00:17 +00:00
cdf2ff8176
nodeinfo: implement MRF transparency exclusions
2019-07-14 19:31:55 +00:00
1c79ec2c08
FetcherTest: Containment refute called(OStatus.fetch_activity_from_url)
2019-07-14 19:30:34 +00:00
5e9befc7d4
tests: fix object containment violations in the transmogrifier tests
...
Some objects were not completely rewritten in the tests, which caused object
containment violations. Fix them by rewriting the object IDs to be in an
appropriate namespace.
2019-07-14 19:29:15 +00:00
6d715b7702
security: detect object containment violations at the IR level
...
It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers. OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.
Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.
2019-07-14 19:28:47 +00:00
0369a5db16
Merge branch 'idempotency-plug' into 'develop'
...
Add IdempotencyPlug and use it in all of the api
Closes #1003
See merge request pleroma/pleroma!1339
2019-06-27 04:20:17 +00:00
c6705144a2
don't delete config settings on admin update
2019-06-27 04:19:44 +00:00
889a9c3a3f
Polish IdempotencyPlug
2019-06-27 01:53:58 +07:00
825077a5b0
Add Idempotency plug
2019-06-26 18:36:58 +07:00
d53fb55bb7
Return correct response when reply to a direct message is not direct itself
2019-06-26 10:59:27 +00:00
4ad15ad2a9
add ignore hosts and TLDs for rich_media
2019-06-25 22:25:37 +03:00
0cb8e710fb
add test
2019-06-25 18:06:08 +03:00
a0c4ebb4d7
[ #184 ] small refactoring reset password
2019-06-24 19:01:56 +00:00
2c63c67512
Rework user deletion
2019-06-24 18:59:12 +00:00
f2c03425b0
Broadcast conversation update when DM is deleted
2019-06-24 07:14:04 +00:00
27b9605de0
Merge branch 'rich_media_titles_two' into 'develop'
...
Rich media titles two
See merge request pleroma/pleroma!1325
2019-06-23 05:43:11 +00:00
b37ede5df3
log capturing
2019-06-23 08:16:28 +03:00
982cad0268
support for config groups
2019-06-23 08:16:16 +03:00
410add1c30
support for tuples with more than 2 values
2019-06-22 17:30:53 +03:00
0e415921cd
Rich Media Parser: Do not return just a title if nothing else is there.
2019-06-22 16:22:59 +02:00
58c4d5312b
Revert "Revert "Merge branch 'fix/ogp-title' into 'develop'""
...
This reverts commit b6af80f769
2019-06-22 15:12:57 +02:00
f0fccb7578
fix for int and modules
2019-06-22 09:01:30 +03:00
55742d978d
Merge branch 'feature/mrf-anti-link-spam' into 'develop'
...
implement anti link spam MRF
See merge request pleroma/pleroma!1307
2019-06-21 22:56:54 +00:00
e3534f5b3c
Merge branch 'oauth_secure_redirect' into 'develop'
...
OAuth security improvements (`redirect_uri` listing enforcement)
See merge request pleroma/pleroma!1302
2019-06-21 22:31:12 +00:00
720412bf24
Merge branch 'revert-6f5a0cc1' into 'develop'
...
Revert "Merge branch 'fix/ogp-title' into 'develop'"
See merge request pleroma/pleroma!1317
2019-06-21 22:28:46 +00:00
b6af80f769
Revert "Merge branch 'fix/ogp-title' into 'develop'"
...
This reverts merge request !1277
2019-06-21 11:36:32 +00:00
fc6e661672
Fix rate limiter tests
2019-06-21 16:47:16 +07:00
32320c1ee9
Fixes for dynamic configuration
2019-06-20 17:43:57 +00:00
21dacd4b15
unbreak polls
2019-06-19 16:33:49 +00:00
736d8ad6be
implement anti link spam MRF
2019-06-19 15:58:32 +00:00
e4fa6b99ac
aliases for mix tasks
...
ecto.migrate
ecto.rollback
2019-06-19 10:33:33 +00:00
5c6c4ce634
Merge branch 'fix/rich-media-hashtags-again' into 'develop'
...
Rich Media: Skip Microformats hashtags
See merge request pleroma/pleroma!1304
2019-06-19 08:48:41 +00:00
035368d363
Rich Media: Skip Microformats hashtags
...
When fixing this problem I incorrectly assumed a.hashtag is
the proper way for detecting hashtags, but it is just something Pleroma and
Mastodon add. Per microformats it should be detected by the presense of rel=tag.
This MR adds a check for rel=tag, but I still left a.hashtag just in case
2019-06-19 00:46:30 +03:00
9f45f93949
Added more `redirect_uri` checks to prevent redirect to not explicitly listed URI.
2019-06-18 17:00:49 +03:00
c7acca2abb
Mastodon API: Sanitize display names
...
Closes #1000
2019-06-18 14:12:11 +03:00
49a49d3763
Merge branch 'removing-test-errors' into 'develop'
...
Removing test errors
See merge request pleroma/pleroma!1296
2019-06-17 14:16:23 +00:00
c34327b22e
Merge branch 'fix/sanitize-report-content' into 'develop'
...
Sanitize HTML in ReportView
Closes #990
See merge request pleroma/pleroma!1293
2019-06-16 18:05:00 +00:00
2e2edcb461
capturing errors
2019-06-16 20:10:12 +08:00
0f59265a50
salmon fix
...
removed some ownership sandbox error
2019-06-16 20:10:12 +08:00
a04bf131e0
[ #570 ] add user:notification stream
2019-06-16 10:33:25 +00:00
rinpatch
Ariadne Conill
Sachin Joshi
lain
Haelwenn (lanodan) Monnier
kaniini
Alexander Strizhakov
Egor Kislitsyn
Sergey Suprunenko
Maksim Pechnikov
Eugenij
feld
William Pitcock
Ivan Tashkinov
Haelwenn