* Don't allow URLs that contain non-normalized paths to be verified
This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".
Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.
* missing do
Conflicts:
- `.github/workflows/build-image.yml`:
Upstream changed how docker images were built, including how
they were cached.
I don't know much about it, so applied upstream's changes.
- `app/controllers/admin/domain_blocks_controller.rb`:
The feature, that was in glitch-soc, got backported upstream.
It also had a few fixes upstream, so those have been ported!
- `app/javascript/packs/admin.js`:
Glitch-soc changes have been backported upstream. As a result,
some code from `app/javascript/core/admin.js` got added upstream.
Kept our version since our shared Javascript already has that feature.
- `app/models/user.rb`:
Upstream added something to distinguish unusable and unusable-because-moved
accounts, while glitch-soc considers moved accounts usable.
Took upstream's code for `functional_or_moved?` and made `functional?`
call it.
- `app/views/statuses/_simple_status.html.haml`:
Upstream cleaned up code style a bit, on a line that we had custom changes
for.
Applied upstream's change while keeping our change.
- `config/initializers/content_security_policy.rb`:
Upstream adopted one CSP directive we already had.
The conflict is because of our files being structurally different, but the
change itself was already part of glitch-soc.
Kept our version.
Conflicts:
- `app/views/admin/announcements/edit.html.haml`:
Upstream change too close to theming-related glitch-soc change.
Ported upstream changes.
- `app/views/admin/announcements/new.html.haml`
Upstream change too close to theming-related glitch-soc change.
Ported upstream changes.
Conflicts:
- `app/models/account.rb`:
Conflict because we (glitch-soc) have disabled trending of posts without
review.
Discarded that upstream change.
- `app/views/admin/settings/discovery/show.html.haml`:
Just an extra setting in glitch-soc.
Kept that extra setting.
If `Nokogiri::HTML(value).at_xpath('//body')` fails to find the `body` element, it will return `nil`. We can guard against that with an early return. Avoids calling `children` on `Nilclass` in those cases.
Conflicts:
- `app/models/custom_emoji.rb`:
Not a real conflict, just upstream changing a line too close to
a glitch-soc-specific validation.
Applied upstream changes.
- `app/models/public_feed.rb`:
Not a real conflict, just upstream changing a line too close to
a glitch-soc-specific parameter documentation.
Applied upstream changes.
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles
* Fix followers count not being updated when migrating follows
Fixes#19900
* Fix validation error in SynchronizeFeaturedTagsCollectionWorker
Also saves remote user's chosen case for hashtags
* Limit remote featured tags before validation
Conflicts:
- `app/javascript/mastodon/features/compose/components/poll_form.js`:
glitch-soc change because of having changed the default number of
available poll options.
Applied upstream's changes while keeping glitch-soc's default number of
poll options.
- `public/oops.png`:
We had a minor graphics change, probably not worth diverging from upstream.
Took upstream version.
