Commit graph

14149 commits

Author SHA1 Message Date
Renaud Chaput
4534498a8e
Convert <DismissableBanner> to Typescript (#25582) 2023-07-08 11:12:20 +02:00
alfe
20e85c0e83
Rewrite <ShortNumber /> as FC and TS (#25492) 2023-07-08 11:11:58 +02:00
fusagiko / takayamaki
e0d230fb37
simplify counters (#25541) 2023-07-08 11:11:22 +02:00
Matt Jankowski
0f9b803eb3
Regenerate brakeman ignore, pruning warnings (#25749) 2023-07-08 11:07:19 +02:00
Renaud Chaput
9f078e238d
Fix translate button position (#25807) 2023-07-08 00:12:31 +02:00
Claire
0051128387
Bump version to v4.1.4 (#25805) 2023-07-07 19:42:03 +02:00
Renaud Chaput
d481e72e85
Tag images with the latest tag only when running against the latest stable branch (#25803) 2023-07-07 19:31:55 +02:00
Claire
b6d173b459
Fix crash in admin interface when viewing a remote user with verified links (#25796) 2023-07-07 18:10:17 +02:00
Claire
71d44949bf
Fix branding:generate_app_icons failing because of disallowed ICO coder (#25794) 2023-07-07 18:10:00 +02:00
nemobis
dfedf0ec64
Fix typo in CHANGELOG.md (#25764) 2023-07-07 14:15:54 +02:00
renovate[bot]
8b624553ef
Update dependency sanitize to v6.0.2 [SECURITY] (#25777)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-07 13:35:54 +02:00
Claire
94fbac77e7
Fix processing of media files with unusual names (#25788) 2023-07-07 13:35:22 +02:00
Claire
5e1752ce3f
Bump version to v4.1.3 (#25757) 2023-07-06 15:14:42 +02:00
Claire
610731b03d
Merge pull request from GHSA-55j9-c3mp-6fcq 2023-07-06 15:06:49 +02:00
Claire
c5929798bf
Merge pull request from GHSA-9pxv-6qvf-pjwc
* Fix timeout handling of outbound HTTP requests

* Use CLOCK_MONOTONIC instead of Time.now
2023-07-06 15:06:23 +02:00
Claire
dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire
6d8e0fae3e
Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards

* Sanitize preview cards at render time

* Add `sandbox` attribute to preview card iframes
2023-07-06 15:03:33 +02:00
Claire
fed9cbfd2b
Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:31:37 +02:00
Eugen Rochko
000b835803
Add canonical link tags in web UI (#25715) 2023-07-05 11:25:27 +02:00
Eugen Rochko
b7910bc751
Add button to see results for polls in web UI (#25726) 2023-07-05 10:32:04 +02:00
Claire
eb2417ce99
Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713) 2023-07-04 18:58:23 +02:00
Claire
4658263b4a
Fix re-activated accounts being deleted by AccountDeletionWorker (#25711) 2023-07-04 18:36:24 +02:00
Trevor Wolf
182fd93a07
fix read more button overlapping thread line bug (#25706) 2023-07-04 14:57:46 +02:00
Claire
12fa24a885
Fix forgotten unconfirmed_email migration file (#25702) 2023-07-04 11:25:29 +02:00
mogaminsk
6268188543
Fix local live feeds does not expand (#25694) 2023-07-04 00:37:57 +02:00
forsamori
d9a5c1acfa
Add at-symbol prepended to mention span title (#25684)
Co-authored-by: Sam BC <samuel.balbirnie-cumming@xdesign.com>
2023-07-03 22:58:10 +02:00
Eugen Rochko
54a10523e2
Change labels of live feeds tabs in web UI (#25683) 2023-07-03 22:57:18 +02:00
Daniel M Brasil
383c00819c
Fix /api/v2/search not working with following query param (#25681) 2023-07-03 18:06:57 +02:00
Eugen Rochko
69e124e2ed
Fix regression of icon button colors in web UI (#25679) 2023-07-03 16:51:04 +02:00
Trevor Wolf
54cb679c19
Change button colors to increase hover/focus contrast and consistency (#25677) 2023-07-03 11:32:31 +02:00
Claire
e6a8faae81
Add users index on unconfirmed_email (#25672) 2023-07-02 19:41:35 +02:00
Claire
933ba1a3eb
Add superapp index on oauth_applications (#25670) 2023-07-02 16:56:16 +02:00
Claire
180f0e6715
Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669) 2023-07-02 16:08:58 +02:00
Eugen Rochko
ba06a2f104
Revert "Rails 7 update" (#25667) 2023-07-02 11:14:22 +02:00
mogaminsk
5b46345459
Prevent duplicate concurrent calls of /api/*/instance in web UI (#25663) 2023-07-02 11:12:16 +02:00
Eugen Rochko
0512537eb6
Change dropdown icon above compose form from ellipsis to bars in web UI (#25661) 2023-07-02 10:39:55 +02:00
Matt Jankowski
50c2a03695
Rails 7 update (#24241) 2023-07-02 10:38:53 +02:00
Daniel M Brasil
4fe2d7cb59
Fix HTTP 500 in /api/v1/emails/check_confirmation (#25595) 2023-07-02 00:05:44 +02:00
Claire
cea9db5a0b
Change local and federated timelines to be in a single firehose column (#25641) 2023-07-02 00:05:10 +02:00
Matt Jankowski
0139b1c8e1
Update uri to version 0.12.2 (CVE fix) (#25657) 2023-07-02 00:04:21 +02:00
Matt Jankowski
f8bd581126
Remove unused routes (#25578) 2023-07-01 21:48:53 +02:00
Matt Jankowski
683ba5ecb1
Fix rails rewhere deprecation warning in directories api controller (#25625) 2023-07-01 21:48:16 +02:00
Matt Jankowski
c47cdf6e17
Add index to backups on user_id column (#25647) 2023-06-30 19:09:03 +02:00
Renaud Chaput
78ba12f0bf
Use an Immutable Record as the root state (#25584) 2023-06-30 17:03:25 +02:00
Claire
9934949fc4
Fix onboarding prompt being displayed because of disconnection gaps (#25617) 2023-06-30 16:32:12 +02:00
Eugen Rochko
8bfbd19d2b Update Crowdin configuration file 2023-06-30 16:22:40 +02:00
Renaud Chaput
c4a8c332b2
Remove pkg-config gem dependency (#25615) 2023-06-30 14:59:07 +02:00
Claire
a209d1e683
Fix ResolveURLService not resolving local URLs for remote content (#25637) 2023-06-29 14:48:54 +02:00
jsgoldstein
4581a528f7
Change account search to match by text when opted-in (#25599)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-06-29 13:05:21 +02:00
Claire
285a691936
Remove the search button from UI header when logged out (#25631) 2023-06-28 14:57:51 +02:00