mirror of
https://git.kescher.at/CatCatNya/catstodon.git
synced 2024-11-25 16:41:36 +01:00
Merge remote-tracking branch 'upstream/main'
commit df0616fd2a
20 changed files with 120 additions and 12 deletions
|
@ -4,6 +4,4 @@ not IE 11
|
||||||
not dead
|
not dead
|
||||||
|
|
||||||
[development]
|
[development]
|
||||||
last 1 chrome version
|
supports es6-module
|
||||||
last 1 firefox version
|
|
||||||
last 1 safari version
|
|
||||||
|
|
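Review bot: the `[development]` target now resolves through the `supports es6-module` feature query instead of the three `last 1 ... version` pins, so the browser set the development build is transpiled for will shift with whatever browserslist/caniuse data is installed at build time rather than with browser releases. That is acceptable for a development-only section, but keep the browserslist data refreshed in CI so two developers building the same source do not get different transpilation output; the CHANGELOG hunk on this page does not mention this change, which is fine for a build-only tweak.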
47
CHANGELOG.md
|
@ -3,6 +3,53 @@ Changelog
|
||||||
|
|
||||||
All notable changes to this project will be documented in this file.
|
All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
|
## [3.5.3] - 2022-05-26
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- **Add language dropdown to compose form in web UI** ([Gargron](https://github.com/mastodon/mastodon/pull/18420), [ykzts](https://github.com/mastodon/mastodon/pull/18460))
|
||||||
|
- **Add warning for limited accounts in web UI** ([Gargron](https://github.com/mastodon/mastodon/pull/18344))
|
||||||
|
- Add `limited` attribute to accounts in REST API ([Gargron](https://github.com/mastodon/mastodon/pull/18344))
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- **Change RSS feeds** ([Gargron](https://github.com/mastodon/mastodon/pull/18356), [tribela](https://github.com/mastodon/mastodon/pull/18406))
|
||||||
|
- Titles are now date and time of post
|
||||||
|
- Bodies now render all content faithfully, including polls and emojis
|
||||||
|
- All media attachments are included with Media RSS
|
||||||
|
- Change "dangerous" to "sensitive" in privacy policy and web UI ([Gargron](https://github.com/mastodon/mastodon/pull/18515))
|
||||||
|
- Change unconfirmed accounts to not be visible in REST API ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17530))
|
||||||
|
- Change `tootctl search deploy` to improve performance ([Gargron](https://github.com/mastodon/mastodon/pull/18463), [Gargron](https://github.com/mastodon/mastodon/pull/18514))
|
||||||
|
- Change search indexing to use batches to minimize resource usage ([Gargron](https://github.com/mastodon/mastodon/pull/18451))
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
- Fix follower and other counters being able to go negative ([Gargron](https://github.com/mastodon/mastodon/pull/18517))
|
||||||
|
- Fix unnecessary query on when creating a status ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/17901))
|
||||||
|
- Fix warning an account outside of a report closing all reports for that account ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18387))
|
||||||
|
- Fix error when resolving a link that redirects to a local post ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18314))
|
||||||
|
- Fix preferred posting language returning unusable value in REST API ([Gargron](https://github.com/mastodon/mastodon/pull/18428))
|
||||||
|
- Fix race condition error when external status is reblogged ([ykzts](https://github.com/mastodon/mastodon/pull/18424))
|
||||||
|
- Fix missing string for appeal validation error ([Gargron](https://github.com/mastodon/mastodon/pull/18410))
|
||||||
|
- Fix block/mute lists showing a follow button in web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18364))
|
||||||
|
- Fix Redis configuration not being changed by `mastodon:setup` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18383))
|
||||||
|
- Fix streaming notifications not using quick filter logic in web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18316))
|
||||||
|
- Fix ambiguous wording on appeal actions in admin UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18328))
|
||||||
|
- Fix floating action button obscuring last element in web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18332))
|
||||||
|
- Fix account warnings not being recorded in audit log ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/18338))
|
||||||
|
- Fix leftover icons for direct visibility statuses ([Steffo99](https://github.com/mastodon/mastodon/pull/18305))
|
||||||
|
- Fix link verification requiring case sensitivity on links ([sgolemon](https://github.com/mastodon/mastodon/pull/18320))
|
||||||
|
- Fix embeds not setting their height correctly ([rinsuki](https://github.com/mastodon/mastodon/pull/18301))
|
||||||
|
|
||||||
|
### Security
|
||||||
|
|
||||||
|
- Fix concurrent unfollowing decrementing follower count more than once ([Gargron](https://github.com/mastodon/mastodon/pull/18527))
|
||||||
|
- Fix being able to appeal a strike unlimited times ([Gargron](https://github.com/mastodon/mastodon/pull/18529))
|
||||||
|
- Fix being able to report otherwise inaccessible statuses ([Gargron](https://github.com/mastodon/mastodon/pull/18528))
|
||||||
|
- Fix empty votes arbitrarily increasing voters count in polls ([Gargron](https://github.com/mastodon/mastodon/pull/18526))
|
||||||
|
- Fix moderator identity leak when approving appeal of sensitive marked statuses ([Gargron](https://github.com/mastodon/mastodon/pull/18525))
|
||||||
|
- Fix suspended users being able to access APIs that don't require a user ([Gargron](https://github.com/mastodon/mastodon/pull/18524))
|
||||||
|
- Fix confirmation redirect to app without `Location` header ([Gargron](https://github.com/mastodon/mastodon/pull/18523))
|
||||||
|
|
||||||
## [3.5.2] - 2022-05-04
|
## [3.5.2] - 2022-05-04
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
|
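Review bot: the seven entries under `### Security` carry no advisory reference and no severity, so an operator reading this file cannot tell which of them is urgent; add a link to the advisory for each, or at least a one-line impact statement (for example, the suspended-users entry means a suspended user's still-valid API token kept working until this release). Two entries also describe one underlying problem from two sides: `Fix concurrent unfollowing decrementing follower count more than once` is the race that produced the negative counters which `Fix follower and other counters being able to go negative` under `### Fixed` masks at read time, and the clamp does not repair rows that already went negative, so the changelog should say whether a data fix is needed after upgrading.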
|
@ -14,7 +14,7 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through
|
||||||
| ------- | ------------------ |
|
| ------- | ------------------ |
|
||||||
| 3.5.x | Yes |
|
| 3.5.x | Yes |
|
||||||
| 3.4.x | Yes |
|
| 3.4.x | Yes |
|
||||||
| 3.3.x | Yes |
|
| 3.3.x | No |
|
||||||
| < 3.3 | No |
|
| < 3.3 | No |
|
||||||
|
|
||||||
[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail
|
[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail
|
||||||
|
|
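Review bot: flipping `3.3.x` from `Yes` to `No` in the supported-versions table ends security support for that series in the same commit that ships seven security fixes, but nothing on this page announces it; add an end-of-support line to the 3.5.3 changelog entry (or the release notes) so operators still on 3.3 know these fixes will not be backported and that 3.4.x is now the oldest supported series.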
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
class ActivityPub::BaseController < Api::BaseController
|
class ActivityPub::BaseController < Api::BaseController
|
||||||
skip_before_action :require_authenticated_user!
|
skip_before_action :require_authenticated_user!
|
||||||
|
skip_before_action :require_not_suspended!
|
||||||
skip_around_action :set_locale
|
skip_around_action :set_locale
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
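Review bot: `skip_before_action :require_not_suspended!` is unconditional and has no comment, so the next reader will wonder whether it reopens the hole the `Api::BaseController` hunk closes. It does not, because these routes already skip `require_authenticated_user!` two lines above and are therefore not user-authenticated calls, but that reasoning belongs in a one-line comment next to the skip, and a request spec that fetches an ActivityPub resource while signed in as a suspended user would pin the behaviour down.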
|
@ -11,6 +11,7 @@ class Api::BaseController < ApplicationController
|
||||||
skip_before_action :require_functional!, unless: :whitelist_mode?
|
skip_before_action :require_functional!, unless: :whitelist_mode?
|
||||||
|
|
||||||
before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
|
before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
|
||||||
|
before_action :require_not_suspended!
|
||||||
before_action :set_cache_headers
|
before_action :set_cache_headers
|
||||||
|
|
||||||
protect_from_forgery with: :null_session
|
protect_from_forgery with: :null_session
|
||||||
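Review bot: `before_action :require_not_suspended!` is registered after the conditional `require_authenticated_user!`, which is the right order: on endpoints that allow unauthenticated access `current_user` is nil and the new filter is a no-op, and everywhere else the 401 fires before the 403. Two things to confirm outside this diff: that every subclass which skips `require_authenticated_user!` but still reads `current_user` is a deliberate exception (the ActivityPub base controller on this page skips both), and whether suspension should also revoke the user's OAuth tokens, since this filter only blocks use of a still-valid token on requests that pass through this controller and does nothing for anything that does not.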
|
@ -97,6 +98,10 @@ class Api::BaseController < ApplicationController
|
||||||
render json: { error: 'This method requires an authenticated user' }, status: 401 unless current_user
|
render json: { error: 'This method requires an authenticated user' }, status: 401 unless current_user
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def require_not_suspended!
|
||||||
|
render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.suspended?
|
||||||
|
end
|
||||||
|
|
||||||
def require_user!
|
def require_user!
|
||||||
if !current_user
|
if !current_user
|
||||||
render json: { error: 'This method requires an authenticated user' }, status: 422
|
render json: { error: 'This method requires an authenticated user' }, status: 422
|
||||||
|
|
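Review bot: `require_not_suspended!` relies on `render` halting the filter chain, which Rails does when a before_action renders, so the action body is never reached; a request spec asserting the 403 body and the absence of the action's side effect would keep that guaranteed. The status codes in this region are inconsistent: a missing user gets 401 in `require_authenticated_user!` but 422 in `require_user!`, while the new suspended case gets 403; 401 for missing credentials everywhere and 403 for a suspended account would be the clean split, and the 422 predates this change but is worth fixing while here.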
|
@ -89,7 +89,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
|
||||||
|
|
||||||
def after_confirmation_path_for(_resource_name, user)
|
def after_confirmation_path_for(_resource_name, user)
|
||||||
if user.created_by_application && truthy_param?(:redirect_to_app)
|
if user.created_by_application && truthy_param?(:redirect_to_app)
|
||||||
user.created_by_application.redirect_uri
|
user.created_by_application.confirmation_redirect_uri
|
||||||
else
|
else
|
||||||
super
|
super
|
||||||
end
|
end
|
||||||
|
|
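Review bot: switching to `user.created_by_application.confirmation_redirect_uri` fixes the case where the application registered several redirect URIs (Doorkeeper stores them newline-separated in one column, which is why passing the raw `redirect_uri` produced a response without a usable `Location` header), but the first registered URI is an arbitrary choice the application cannot influence, and the redirect is still issued to whatever the app registered, custom schemes included, straight after e-mail confirmation. Consider letting the app name the confirmation target explicitly (an optional parameter validated against the registered list) and document that only the first line is used; also guard against a blank result by falling through to `super` rather than redirecting to an empty path.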
|
@ -23,7 +23,7 @@ module FormattingHelper
|
||||||
|
|
||||||
before_html = begin
|
before_html = begin
|
||||||
if status.spoiler_text?
|
if status.spoiler_text?
|
||||||
"<p><strong>#{I18n.t('rss.content_warning', locale: valid_locale_or_nil(status.language))}</strong> #{h(status.spoiler_text)}</p><hr />"
|
"<p><strong>#{I18n.t('rss.content_warning', locale: available_locale_or_nil(status.language) || I18n.default_locale)}</strong> #{h(status.spoiler_text)}</p><hr />"
|
||||||
else
|
else
|
||||||
''
|
''
|
||||||
end
|
end
|
||||||
|
|
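Review bot: `I18n.t(..., locale: valid_locale_or_nil(status.language))` could raise `I18n::InvalidLocale` for a post whose `language` is a legitimate code that the UI has no translation for, taking the whole RSS feed down with a 500; `available_locale_or_nil(...) || I18n.default_locale` avoids that by testing `I18n.available_locales` (the translated set) rather than `SUPPORTED_LOCALES` (the set a post may be tagged with, see `valid_locale?` in the LanguagesHelper hunk). A short comment on why the two helpers differ would stop someone "simplifying" this back, and note that the content-warning label now renders in the default locale for such posts, which is acceptable for a feed.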
|
@ -254,4 +254,8 @@ module LanguagesHelper
|
||||||
def valid_locale?(locale)
|
def valid_locale?(locale)
|
||||||
locale.present? && SUPPORTED_LOCALES.key?(locale.to_sym)
|
locale.present? && SUPPORTED_LOCALES.key?(locale.to_sym)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def available_locale_or_nil(locale_name)
|
||||||
|
locale_name.to_sym if locale_name.present? && I18n.available_locales.include?(locale_name.to_sym)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
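Review bot: `available_locale_or_nil` calls `locale_name.to_sym` before the membership check on a value that ultimately comes from the post author, remote posts included; that is safe on current Ruby because symbols are garbage-collected, but `locale_name.to_s.to_sym` would also guard against a non-String slipping in. Add a comment contrasting it with `valid_locale?` directly above, which tests `SUPPORTED_LOCALES` rather than `I18n.available_locales`; the two sets differ and that difference is the reason this helper exists.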
|
@ -12,4 +12,8 @@ module ApplicationExtension
|
||||||
def most_recently_used_access_token
|
def most_recently_used_access_token
|
||||||
@most_recently_used_access_token ||= access_tokens.where.not(last_used_at: nil).order(last_used_at: :desc).first
|
@most_recently_used_access_token ||= access_tokens.where.not(last_used_at: nil).order(last_used_at: :desc).first
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def confirmation_redirect_uri
|
||||||
|
redirect_uri.lines.first.strip
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
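Review bot: `redirect_uri.lines.first.strip` raises `NoMethodError` on `nil` when `redirect_uri` is an empty string, because `"".lines` is `[]`; Doorkeeper normally validates presence of `redirect_uri`, but the caller in the confirmation controller on this page has no guard, so use `redirect_uri.to_s.lines.first.to_s.strip` and have the caller fall back to `super` when the result is blank. `String#strip` removes both `\n` and `\r\n`, so the line split itself is fine.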
|
@ -26,4 +26,10 @@ class RSS::MediaContent < RSS::Element
|
||||||
description['type'] = 'plain'
|
description['type'] = 'plain'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def thumbnail(str)
|
||||||
|
append_element('media:thumbnail') do |thumbnail|
|
||||||
|
thumbnail['url'] = str
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
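Review bot: `thumbnail['url'] = str` stores the caller's string as an attribute with no check that it is an absolute URL, and the caller is not on this page; Media RSS readers expect a fully qualified `http(s)` URL in `media:thumbnail url`, so make sure the caller passes the full asset URL and relies on the XML builder for attribute escaping rather than pre-escaping it, since double escaping would break `&` in signed URLs.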
|
@ -20,4 +20,16 @@ class AccountStat < ApplicationRecord
|
||||||
belongs_to :account, inverse_of: :account_stat
|
belongs_to :account, inverse_of: :account_stat
|
||||||
|
|
||||||
update_index('accounts', :account)
|
update_index('accounts', :account)
|
||||||
|
|
||||||
|
def following_count
|
||||||
|
[attributes['following_count'], 0].max
|
||||||
|
end
|
||||||
|
|
||||||
|
def followers_count
|
||||||
|
[attributes['followers_count'], 0].max
|
||||||
|
end
|
||||||
|
|
||||||
|
def statuses_count
|
||||||
|
[attributes['statuses_count'], 0].max
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
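Review bot: clamping `following_count`, `followers_count` and `statuses_count` to zero in the readers hides negative values but leaves them in the table, so anything that bypasses these getters still sees the old numbers: `attributes[...]`, `pluck`, SQL ordering by `followers_count`, and the `update_index('accounts', :account)` hook above, which indexes whatever the model exposes at commit time. Pair this with a one-off data fix that recomputes the counters that are currently negative, and document that the getters assume the columns are `NOT NULL`, since `[nil, 0].max` raises `ArgumentError`.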
|
@ -103,7 +103,7 @@ class Admin::StatusBatchAction
|
||||||
|
|
||||||
def handle_report!
|
def handle_report!
|
||||||
@report = Report.new(report_params) unless with_report?
|
@report = Report.new(report_params) unless with_report?
|
||||||
@report.status_ids = (@report.status_ids + status_ids.map(&:to_i)).uniq
|
@report.status_ids = (@report.status_ids + allowed_status_ids).uniq
|
||||||
@report.save!
|
@report.save!
|
||||||
|
|
||||||
@report_id = @report.id
|
@report_id = @report.id
|
||||||
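Review bot: `allowed_status_ids` silently drops any selected status that the moderator's account cannot see, so a batch report can end up with fewer statuses than were selected with no error and no log line; raise, or at least log, when the filtered set is smaller than `status_ids` so a partially built report is noticed. The ids now come from `pluck(:id)` as integers instead of `status_ids.map(&:to_i)`, which is an improvement since the implicit cast is gone.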
|
@ -135,4 +135,8 @@ class Admin::StatusBatchAction
|
||||||
def report_params
|
def report_params
|
||||||
{ account: current_account, target_account: target_account }
|
{ account: current_account, target_account: target_account }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def allowed_status_ids
|
||||||
|
AccountStatusesFilter.new(@report.target_account, current_account).results.with_discarded.where(id: status_ids).pluck(:id)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
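Review bot: `AccountStatusesFilter.new(@report.target_account, current_account)` evaluates visibility from the moderator's ordinary account rather than from their moderator role, so a private or followers-only status that a moderator can see in the admin interface may no longer be attachable to a new report; confirm this is intended (it matches `ReportService` on this page, where the viewer is the reporting user) or pass a flag that preserves moderator visibility. `.with_discarded` after `.results` keeps already-deleted statuses reportable, which a comment should say.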
|
@ -17,6 +17,18 @@ class StatusStat < ApplicationRecord
|
||||||
|
|
||||||
after_commit :reset_parent_cache
|
after_commit :reset_parent_cache
|
||||||
|
|
||||||
|
def replies_count
|
||||||
|
[attributes['replies_count'], 0].max
|
||||||
|
end
|
||||||
|
|
||||||
|
def reblogs_count
|
||||||
|
[attributes['reblogs_count'], 0].max
|
||||||
|
end
|
||||||
|
|
||||||
|
def favourites_count
|
||||||
|
[attributes['favourites_count'], 0].max
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def reset_parent_cache
|
def reset_parent_cache
|
||||||
|
|
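Review bot: same caveat as the `AccountStat` hunk: the three clamped readers (`replies_count`, `reblogs_count`, `favourites_count`) mask negative values without correcting the stored rows, and they are a line-for-line copy of the `AccountStat` methods; a small concern (for example `clamped_counter :replies_count, :reblogs_count, :favourites_count`) would remove the duplication and make it obvious which columns are clamped and why.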
|
@ -14,7 +14,8 @@ class AppealService < BaseService
|
||||||
private
|
private
|
||||||
|
|
||||||
def create_appeal!
|
def create_appeal!
|
||||||
@appeal = @strike.create_appeal!(
|
@appeal = Appeal.create!(
|
||||||
|
strike: @strike,
|
||||||
text: @text,
|
text: @text,
|
||||||
account: @strike.target_account
|
account: @strike.target_account
|
||||||
)
|
)
|
||||||
|
|
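Review bot: replacing `@strike.create_appeal!` with `Appeal.create!(strike: @strike, ...)` is what actually closes the unlimited-appeal bug, because `create_association!` on a `has_one` removes the existing associated record before creating the new one, so a second appeal replaced the first instead of failing validation. The fix only holds if `Appeal` validates uniqueness of the strike, and concurrent requests only fail if there is a unique index on `appeals.strike_id`; neither is visible in this diff, so confirm both and add a spec that calls the service twice and expects `ActiveRecord::RecordInvalid` (or `RecordNotUnique`).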
|
@ -52,8 +52,9 @@ class ApproveAppealService < BaseService
|
||||||
end
|
end
|
||||||
|
|
||||||
def undo_mark_statuses_as_sensitive!
|
def undo_mark_statuses_as_sensitive!
|
||||||
|
representative_account = Account.representative
|
||||||
@strike.statuses.includes(:media_attachments).each do |status|
|
@strike.statuses.includes(:media_attachments).each do |status|
|
||||||
UpdateStatusService.new.call(status, @current_account.id, sensitive: false) if status.with_media?
|
UpdateStatusService.new.call(status, representative_account.id, sensitive: false) if status.with_media?
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
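Review bot: attributing the un-sensitive edit to `Account.representative` instead of `@current_account.id` stops the moderator's account id from appearing wherever `UpdateStatusService` records the editor, which is the identity leak the changelog refers to, but it also means the instance account now appears as the editor of someone else's post. Confirm that the moderator identity is still captured in the admin audit log for the approval itself (the changelog entry about account warnings not being recorded suggests that area had gaps), and add a comment explaining why the representative account is used here so it is not "fixed" back.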
|
|
@ -57,7 +57,7 @@ class ReportService < BaseService
|
||||||
end
|
end
|
||||||
|
|
||||||
def reported_status_ids
|
def reported_status_ids
|
||||||
@target_account.statuses.with_discarded.find(Array(@status_ids)).pluck(:id)
|
AccountStatusesFilter.new(@target_account, @source_account).results.with_discarded.find(Array(@status_ids)).pluck(:id)
|
||||||
end
|
end
|
||||||
|
|
||||||
def payload
|
def payload
|
||||||
|
|
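Review bot: `AccountStatusesFilter.new(@target_account, @source_account).results.with_discarded.find(Array(@status_ids))` keeps `find`, which raises `ActiveRecord::RecordNotFound` when any requested id is outside the reporter's visible set, so a report containing one inaccessible status now fails as a whole instead of dropping the id; that is the safer behaviour (before this change the same `find` answered whether an arbitrary status id belonged to the target account, a small existence oracle on private posts, and let the reporter attach content they could not read). It is inconsistent with `Admin::StatusBatchAction#allowed_status_ids` on this page, which filters with `where` and drops silently; pick one behaviour and document it.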
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
class UnfollowService < BaseService
|
class UnfollowService < BaseService
|
||||||
include Payloadable
|
include Payloadable
|
||||||
|
include Redisable
|
||||||
|
include Lockable
|
||||||
|
|
||||||
# Unfollow and notify the remote user
|
# Unfollow and notify the remote user
|
||||||
# @param [Account] source_account Where to unfollow from
|
# @param [Account] source_account Where to unfollow from
|
||||||
|
@ -13,7 +15,9 @@ class UnfollowService < BaseService
|
||||||
@target_account = target_account
|
@target_account = target_account
|
||||||
@options = options
|
@options = options
|
||||||
|
|
||||||
unfollow! || undo_follow_request!
|
with_lock("relationship:#{[source_account.id, target_account.id].sort.join(':')}") do
|
||||||
|
unfollow! || undo_follow_request!
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
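Review bot: the lock key `relationship:<smaller id>:<larger id>` serialises unfollows of the same pair in both directions, but it only prevents the double decrement if `FollowService` (not in this diff) takes the same key, otherwise a follow and an unfollow for the same pair can still interleave; document what `with_lock` does when the lock cannot be acquired (raise versus wait), since an exception here surfaces to the API caller as a failed unfollow. If `Lockable` is the Redis-backed lock, the `Redisable` include in the earlier hunk is why both were added together and a comment saying so would help.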
|
@ -7,6 +7,8 @@ class VoteService < BaseService
|
||||||
include Lockable
|
include Lockable
|
||||||
|
|
||||||
def call(account, poll, choices)
|
def call(account, poll, choices)
|
||||||
|
return if choices.empty?
|
||||||
|
|
||||||
authorize_with account, poll, :vote?
|
authorize_with account, poll, :vote?
|
||||||
|
|
||||||
@account = account
|
@account = account
|
||||||
|
|
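Review bot: `return if choices.empty?` exits before `authorize_with`, which is fine, but it returns `nil` silently, so the API layer will most likely respond as if a vote had been recorded; raising a validation error (422) tells the client the vote was rejected. It also does not cover `choices` being `nil` (`NoMethodError`) or containing duplicates or out-of-range indices; `Array(choices).uniq` plus a bounds check against the poll's option count belongs here too unless the policy already does it.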
|
@ -128,6 +128,13 @@ Doorkeeper.configure do
|
||||||
#
|
#
|
||||||
force_ssl_in_redirect_uri false
|
force_ssl_in_redirect_uri false
|
||||||
|
|
||||||
|
# Specify what redirect URI's you want to block during Application creation.
|
||||||
|
# Any redirect URI is whitelisted by default.
|
||||||
|
#
|
||||||
|
# You can use this option in order to forbid URI's with 'javascript' scheme
|
||||||
|
# for example.
|
||||||
|
forbid_redirect_uri { |uri| %w[data vbscript javascript].include?(uri.scheme.to_s.downcase) }
|
||||||
|
|
||||||
# Specify what grant flows are enabled in array of Strings. The valid
|
# Specify what grant flows are enabled in array of Strings. The valid
|
||||||
# strings and the flows they enable are:
|
# strings and the flows they enable are:
|
||||||
#
|
#
|
||||||
|
|
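Review bot: `forbid_redirect_uri` is a denylist of three schemes and runs only when an application is created or updated, so it does nothing for applications already registered with a `javascript:` URI, and schemes such as `file:` or `about:` are still accepted; since the confirmation controller on this page now issues a server-side redirect to the first registered URI, add a one-off check of the existing `oauth_applications.redirect_uri` values and consider an allowlist (`http`, `https`, plus the custom schemes native apps need) instead. `uri.scheme.to_s.downcase` correctly handles a missing scheme and mixed-case `JavaScript:`.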
|
@ -13,7 +13,7 @@ module Mastodon
|
||||||
end
|
end
|
||||||
|
|
||||||
def patch
|
def patch
|
||||||
2
|
3
|
||||||
end
|
end
|
||||||
|
|
||||||
def flags
|
def flags
|
||||||
|
|