Merge branch 'mergeback/2.5.1' into 'develop'

mergeback: 2.5.1

See merge request pleroma/pleroma!3846
tusooa 2023-03-02 02:25:11 +00:00
commit 714bf0cb23
75 changed files with 147 additions and 75 deletions


@ -16,6 +16,24 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Removed ### Removed
## 2.5.1
### Added
- Allow customizing instance languages
### Fixed
- Security: uploading HTTP endpoint can no longer create directories in the upload dir (internal APIs, like backup, still can do it.)
- ~ character in urls in Markdown posts are handled properly
- Exiftool upload filter will now ignore SVG files
- Fix `block_from_stranger` setting
- Fix rel="me"
- Docker images will now run properly
- Fix inproper content being cached in report content
- Notification filter on object content will not operate on the ones that inherently have no content
- ZWNJ and double dots in links are parsed properly for Plain-text posts
- OTP releases will work on systems with a newer libcrypt
- Errors when running Exiftool.ReadDescription filter will not be filled into the image description
## 2.5.0 - 2022-12-23 ## 2.5.0 - 2022-12-23
### Removed ### Removed


@ -1453,13 +1453,22 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
@spec upload(Upload.source(), keyword()) :: {:ok, Object.t()} | {:error, any()} @spec upload(Upload.source(), keyword()) :: {:ok, Object.t()} | {:error, any()}
def upload(file, opts \\ []) do def upload(file, opts \\ []) do
with {:ok, data} <- Upload.store(file, opts) do with {:ok, data} <- Upload.store(sanitize_upload_file(file), opts) do
obj_data = Maps.put_if_present(data, "actor", opts[:actor]) obj_data = Maps.put_if_present(data, "actor", opts[:actor])
Repo.insert(%Object{data: obj_data}) Repo.insert(%Object{data: obj_data})
end end
end end
defp sanitize_upload_file(%Plug.Upload{filename: filename} = upload) when is_binary(filename) do
%Plug.Upload{
upload
| filename: Path.basename(filename)
}
end
defp sanitize_upload_file(upload), do: upload
@spec get_actor_url(any()) :: binary() | nil @spec get_actor_url(any()) :: binary() | nil
defp get_actor_url(url) when is_binary(url), do: url defp get_actor_url(url) when is_binary(url), do: url
defp get_actor_url(%{"href" => href}) when is_binary(href), do: href defp get_actor_url(%{"href" => href}) when is_binary(href), do: href
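Review bot: `Path.basename/1` in `sanitize_upload_file/1` strips directory components but still returns `..` or `.` for names such as `a/..`, and an empty string for a name made only of separators, so the result is not guaranteed to be a plain file name. Whether that can still affect the destination depends on how `Upload.store/2` builds the path, which is not visible in this hunk; rejecting those three results in `upload/2` with an `{:error, _}` before calling `Upload.store/2` would close the question either way. The fallback clause `defp sanitize_upload_file(upload), do: upload` passes every other source through untouched, which the changelog describes as intentional for internal callers, so a comment above it such as `# Only %Plug.Upload{} (HTTP) input is sanitized; internal sources such as backup may carry directory components on purpose.` would keep that trust boundary visible to future callers. A regression test that uploads a `%Plug.Upload{}` whose filename contains directory components and asserts that the stored name has none would pin the fix.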


@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
def project do def project do
[ [
app: :pleroma, app: :pleroma,
version: version("2.5.50"), version: version("2.5.51"),
elixir: "~> 1.11", elixir: "~> 1.11",
elixirc_paths: elixirc_paths(Mix.env()), elixirc_paths: elixirc_paths(Mix.env()),
compilers: [:phoenix, :gettext] ++ Mix.compilers(), compilers: [:phoenix, :gettext] ++ Mix.compilers(),


@ -1 +1 @@
<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><script defer=defer src=/static/js/9169.335214f6ab57538eae0b.js></script><script defer=defer src=/static/js/app.4c23e08cf351a54f4177.js></script><link href=/static/css/app.86977512e08af1f17d78.css rel=stylesheet></head><body class=hidden><noscript>To use Pleroma, please enable JavaScript.</noscript><div id=app></div><div id=popovers></body></html> <!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><script defer=defer src=/static/js/2724.e4840c73281069ba54ab.js></script><script defer=defer src=/static/js/app.8d2126d35dba9482db51.js></script><link href=/static/css/app.48e52505beba5b9ab69b.css rel=stylesheet></head><body class=hidden><noscript>To use Pleroma, please enable JavaScript.</noscript><div id=app></div><div id=modal></div><div id=popovers></body></html>


@ -1,2 +0,0 @@
.async-component-error{align-items:center;display:flex;height:100%;justify-content:center}.async-component-error .btn{margin:.5em;padding:.5em 2em}.settings-modal{overflow:hidden}.settings-modal .option-list,.settings-modal .setting-list{list-style-type:none;padding-left:2em}.settings-modal .option-list li,.settings-modal .setting-list li{margin-bottom:.5em}.settings-modal .option-list .suboptions,.settings-modal .setting-list .suboptions{margin-top:.3em}.settings-modal.peek .settings-modal-panel{transform:translateY(calc(50vh + 50% - 50px))}@media (max-width:800px){.settings-modal.peek .settings-modal-panel{transform:translateY(calc(100% - 50px))}}.settings-modal .settings-modal-panel{height:90vh;max-width:90vw;overflow:hidden;transition:transform;transition-duration:.3s;transition-timing-function:ease-in-out;width:1000px}@media (max-width:800px){.settings-modal .settings-modal-panel{height:100%;max-width:100vw}}.settings-modal .settings-modal-panel>.panel-body{height:100%;overflow-y:hidden}.settings-modal .settings-modal-panel>.panel-body .btn{min-height:2em;min-width:10em;padding:0 2em}.settings-modal .settings-footer{display:flex}.settings-modal .settings-footer>*{margin-right:.5em}.settings-modal .settings-footer .extra-content{display:flex;flex-grow:1}
/*# sourceMappingURL=1325.715a7f40cdd53f460ef4.css.map*/


@ -1 +0,0 @@
{"version":3,"file":"static/css/1325.715a7f40cdd53f460ef4.css","mappings":"AACA,uBAGE,mBAFA,aACA,YAEA,uBACA,4BACE,YACA,iBCPJ,gBACE,gBAEA,2DAEE,qBACA,iBACA,iEACE,mBAEF,mFACE,gBAKF,2CASE,8CAEA,yBAXF,2CAeI,yCAKN,sCAOE,YADA,eALA,gBACA,qBAEA,wBADA,uCAEA,YAEA,CAEA,yBATF,sCAWI,YADA,eACA,EAGF,kDACE,YACA,kBAEA,uDACE,eACA,eACA,cAKN,iCACE,aACA,mCACE,kBAGF,gDACE,aACA","sources":["webpack://pleroma_fe/./src/components/async_component_error/async_component_error.vue","webpack://pleroma_fe/./src/components/settings_modal/settings_modal.scss"],"sourcesContent":["\n.async-component-error {\n display: flex;\n height: 100%;\n align-items: center;\n justify-content: center;\n .btn {\n margin: .5em;\n padding: .5em 2em;\n }\n}\n","@import 'src/_variables.scss';\n.settings-modal {\n overflow: hidden;\n\n .setting-list,\n .option-list {\n list-style-type: none;\n padding-left: 2em;\n li {\n margin-bottom: 0.5em;\n }\n .suboptions {\n margin-top: 0.3em\n }\n }\n\n &.peek {\n .settings-modal-panel {\n /* Explanation:\n * Modal is positioned vertically centered.\n * 100vh - 100% = Distance between modal's top+bottom boundaries and screen\n * (100vh - 100%) / 2 = Distance between bottom (or top) boundary and screen\n * + 100% - we move modal completely off-screen, it's top boundary touches\n * bottom of the screen\n * - 50px - leaving tiny amount of space so that titlebar + tiny amount of modal is visible\n */\n transform: translateY(calc(((100vh - 100%) / 2 + 100%) - 50px));\n\n @media all and (max-width: 800px) {\n /* For mobile, the modal takes 100% of the available screen.\n This ensures the minimized modal is always 50px above the browser bottom bar regardless of whether or not it is visible.\n */\n transform: translateY(calc(100% - 50px));\n }\n }\n }\n\n .settings-modal-panel {\n overflow: hidden;\n transition: transform;\n transition-timing-function: ease-in-out;\n transition-duration: 300ms;\n width: 1000px;\n max-width: 90vw;\n height: 90vh;\n\n @media all and (max-width: 800px) 
{\n max-width: 100vw;\n height: 100%;\n }\n\n >.panel-body {\n height: 100%;\n overflow-y: hidden;\n\n .btn {\n min-height: 2em;\n min-width: 10em;\n padding: 0 2em;\n }\n }\n }\n\n .settings-footer {\n display: flex;\n >* {\n margin-right: 0.5em;\n }\n\n .extra-content {\n display: flex;\n flex-grow: 1;\n }\n }\n}\n"],"names":[],"sourceRoot":""}


@ -1,2 +1,2 @@
.sticker-picker{width:100%}.sticker-picker .contents{min-height:250px}.sticker-picker .contents .sticker-picker-content{display:flex;flex-wrap:wrap;padding:0 4px}.sticker-picker .contents .sticker-picker-content .sticker{display:flex;flex:1 1 auto;height:56px;margin:4px;width:56px}.sticker-picker .contents .sticker-picker-content .sticker img{height:100%}.sticker-picker .contents .sticker-picker-content .sticker img:hover{filter:drop-shadow(0 0 5px var(--accent,#d8a070))} .sticker-picker{width:100%}.sticker-picker .contents{min-height:250px}.sticker-picker .contents .sticker-picker-content{display:flex;flex-wrap:wrap;padding:0 4px}.sticker-picker .contents .sticker-picker-content .sticker{display:flex;flex:1 1 auto;height:56px;margin:4px;width:56px}.sticker-picker .contents .sticker-picker-content .sticker img{height:100%}.sticker-picker .contents .sticker-picker-content .sticker img:hover{filter:drop-shadow(0 0 5px var(--accent,#d8a070))}
/*# sourceMappingURL=8532.88b90ac86f3060a3144e.css.map*/ /*# sourceMappingURL=159.1d523a00378ebd68c5b3.css.map*/


@ -0,0 +1 @@
{"version":3,"file":"static/css/159.1d523a00378ebd68c5b3.css","mappings":"AAGA,gBACE,WAEA,0BACE,iBAEA,kDACE,aACA,eACA,cAEA,2DACE,aACA,cAGA,YAFA,WACA,UACA,CAEA,+DACE,YAEA,qEACE","sources":["webpack://pleroma_fe/./src/components/sticker_picker/sticker_picker.vue"],"sourcesContent":["\n@import \"../../variables\";\n\n.sticker-picker {\n width: 100%;\n\n .contents {\n min-height: 250px;\n\n .sticker-picker-content {\n display: flex;\n flex-wrap: wrap;\n padding: 0 4px;\n\n .sticker {\n display: flex;\n flex: 1 1 auto;\n margin: 4px;\n width: 56px;\n height: 56px;\n\n img {\n height: 100%;\n\n &:hover {\n filter: drop-shadow(0 0 5px var(--accent, $fallback--link));\n }\n }\n }\n }\n }\n}\n\n"],"names":[],"sourceRoot":""}


@ -0,0 +1,2 @@
.async-component-error{align-items:center;display:flex;height:100%;justify-content:center}.async-component-error .btn{margin:.5em;padding:.5em 2em}.settings-modal{overflow:hidden}.settings-modal .option-list,.settings-modal .setting-list{list-style-type:none;padding-left:2em}.settings-modal .option-list li,.settings-modal .setting-list li{margin-bottom:.5em}.settings-modal .option-list .suboptions,.settings-modal .setting-list .suboptions{margin-top:.3em}.settings-modal .settings-modal-panel{height:90vh;max-width:90vw;overflow:hidden;transition:transform;transition-duration:.3s;transition-timing-function:ease-in-out;width:1000px}@media (max-width:800px){.settings-modal .settings-modal-panel{height:100%;max-width:100vw}}.settings-modal .settings-modal-panel>.panel-body{height:100%;overflow-y:hidden}.settings-modal .settings-modal-panel>.panel-body .btn{min-height:2em;min-width:10em;padding:0 2em}.settings-modal .settings-footer{display:flex}.settings-modal .settings-footer>*{margin-right:.5em}.settings-modal .settings-footer .extra-content{display:flex;flex-grow:1}.settings-modal.peek .settings-modal-panel{transform:translateY(calc(50vh + 50% - 50px))}@media (max-width:800px){.settings-modal.peek .settings-modal-panel{transform:translateY(calc(100% - 50px))}}
/*# sourceMappingURL=5948.06d2a0d84620cba6a4fb.css.map*/


@ -0,0 +1 @@
{"version":3,"file":"static/css/5948.06d2a0d84620cba6a4fb.css","mappings":"AACA,uBAGE,mBAFA,aACA,YAEA,uBAEA,4BACE,YACA,iBCPJ,gBACE,gBAEA,2DAEE,qBACA,iBAEA,iEACE,mBAGF,mFACE,gBAIJ,sCAOE,YADA,eALA,gBACA,qBAEA,wBADA,uCAEA,YAEA,CAEA,yBATF,sCAWI,YADA,eACA,EAGF,kDACE,YACA,kBAEA,uDACE,eACA,eACA,cAKN,iCACE,aAEA,mCACE,kBAGF,gDACE,aACA,YAKF,2CASE,8CAEA,yBAXF,2CAgBI","sources":["webpack://pleroma_fe/./src/components/async_component_error/async_component_error.vue","webpack://pleroma_fe/./src/components/settings_modal/settings_modal.scss"],"sourcesContent":["\n.async-component-error {\n display: flex;\n height: 100%;\n align-items: center;\n justify-content: center;\n\n .btn {\n margin: 0.5em;\n padding: 0.5em 2em;\n }\n}\n","@import \"src/variables\";\n\n.settings-modal {\n overflow: hidden;\n\n .setting-list,\n .option-list {\n list-style-type: none;\n padding-left: 2em;\n\n li {\n margin-bottom: 0.5em;\n }\n\n .suboptions {\n margin-top: 0.3em;\n }\n }\n\n .settings-modal-panel {\n overflow: hidden;\n transition: transform;\n transition-timing-function: ease-in-out;\n transition-duration: 300ms;\n width: 1000px;\n max-width: 90vw;\n height: 90vh;\n\n @media all and (max-width: 800px) {\n max-width: 100vw;\n height: 100%;\n }\n\n >.panel-body {\n height: 100%;\n overflow-y: hidden;\n\n .btn {\n min-height: 2em;\n min-width: 10em;\n padding: 0 2em;\n }\n }\n }\n\n .settings-footer {\n display: flex;\n\n >* {\n margin-right: 0.5em;\n }\n\n .extra-content {\n display: flex;\n flex-grow: 1;\n }\n }\n\n &.peek {\n .settings-modal-panel {\n /* Explanation:\n * Modal is positioned vertically centered.\n * 100vh - 100% = Distance between modal's top+bottom boundaries and screen\n * (100vh - 100%) / 2 = Distance between bottom (or top) boundary and screen\n * + 100% - we move modal completely off-screen, it's top boundary touches\n * bottom of the screen\n * - 50px - leaving tiny amount of space so that titlebar + tiny amount of modal is visible\n */\n transform: 
translateY(calc(((100vh - 100%) / 2 + 100%) - 50px));\n\n @media all and (max-width: 800px) {\n /* For mobile, the modal takes 100% of the available screen.\n This ensures the minimized modal is always 50px above the browser bottom\n bar regardless of whether or not it is visible.\n */\n transform: translateY(calc(100% - 50px));\n }\n }\n }\n}\n"],"names":[],"sourceRoot":""}


@ -1,2 +1,2 @@
.UpdateNotification{overflow:hidden}.UpdateNotificationModal{--__top-fringe:15em;--__bottom-fringe:80em;--__right-fringe:8em;font-size:15px;position:relative;transition:transform;transition-duration:.5s;transition-timing-function:ease-in-out}.UpdateNotificationModal .text{max-width:40em;padding-left:1em}@media (max-width:800px){.UpdateNotificationModal{width:100vw}}@media (max-height:600px){.UpdateNotificationModal{display:none}}.UpdateNotificationModal .content{margin-bottom:calc(var(--__bottom-fringe)*-1);margin-right:calc(var(--__right-fringe)*-1);margin-top:calc(var(--__top-fringe)*-1);overflow:hidden}.UpdateNotificationModal .content.-noImage .text{padding-right:var(--__right-fringe)}.UpdateNotificationModal .panel-body{border-color:var(--border,#222);border-style:solid;border-width:0 0 1px}.UpdateNotificationModal .panel-footer{border-width:0;grid-template-columns:auto;position:relative;z-index:22}.UpdateNotificationModal .pleroma-tan{filter:drop-shadow(5px 5px 10px rgba(0,0,0,.5));float:right;-o-object-fit:cover;object-fit:cover;-o-object-position:top;object-position:top;pointer-events:none;position:relative;shape-margin:.5em;transition:position,left,right,top,bottom,max-width,max-height;transition-duration:.5s;transition-timing-function:ease-in-out;width:25em;z-index:20}.UpdateNotificationModal .spacer-top{min-height:var(--__top-fringe)}.UpdateNotificationModal .spacer-bottom{min-height:var(--__bottom-fringe)}.UpdateNotificationModal .extra-info-group{-webkit-mask:linear-gradient(0deg,#fff,transparent) bottom/100% 2px no-repeat,linear-gradient(0deg,#fff,#fff);mask:linear-gradient(0deg,#fff,transparent) bottom/100% 2px no-repeat,linear-gradient(0deg,#fff,#fff);max-height:70vh;transition:max-height,padding,height;transition-duration:.7s;transition-timing-function:ease-in}.UpdateNotificationModal .art-credit{text-align:right}.UpdateNotificationModal.-peek{transform:translateY(calc(50vh - 50%))}.UpdateNotificationModal.-peek 
.pleroma-tan{float:right;shape-image-threshold:.7;z-index:10}.UpdateNotificationModal.-peek .extra-info-group{max-height:0} .UpdateNotification{overflow:hidden}.UpdateNotificationModal{--__top-fringe:15em;--__bottom-fringe:80em;--__right-fringe:8em;font-size:15px;position:relative;transition:transform;transition-duration:.5s;transition-timing-function:ease-in-out}.UpdateNotificationModal .text{max-width:40em;padding-left:1em}@media (max-width:800px){.UpdateNotificationModal{width:100vw}}@media (max-height:600px){.UpdateNotificationModal{display:none}}.UpdateNotificationModal .content{margin-bottom:calc(var(--__bottom-fringe)*-1);margin-right:calc(var(--__right-fringe)*-1);margin-top:calc(var(--__top-fringe)*-1);overflow:hidden}.UpdateNotificationModal .content.-noImage .text{padding-right:var(--__right-fringe)}.UpdateNotificationModal .panel-body{border-color:var(--border,#222);border-style:solid;border-width:0 0 1px}.UpdateNotificationModal .panel-footer{border-width:0;grid-template-columns:auto;position:relative;z-index:22}.UpdateNotificationModal .pleroma-tan{filter:drop-shadow(5px 5px 10px rgba(0,0,0,.5));float:right;-o-object-fit:cover;object-fit:cover;-o-object-position:top;object-position:top;pointer-events:none;position:relative;shape-margin:.5em;transition:position,left,right,top,bottom,max-width,max-height;transition-duration:.5s;transition-timing-function:ease-in-out;width:25em;z-index:20}.UpdateNotificationModal .spacer-top{min-height:var(--__top-fringe)}.UpdateNotificationModal .spacer-bottom{min-height:var(--__bottom-fringe)}.UpdateNotificationModal .extra-info-group{-webkit-mask:linear-gradient(0deg,#fff,transparent) bottom/100% 2px no-repeat,linear-gradient(0deg,#fff,#fff);mask:linear-gradient(0deg,#fff,transparent) bottom/100% 2px no-repeat,linear-gradient(0deg,#fff,#fff);max-height:70vh;transition:max-height,padding,height;transition-duration:.7s;transition-timing-function:ease-in}.UpdateNotificationModal 
.art-credit{text-align:right}.UpdateNotificationModal.-peek{transform:translateY(calc(50vh - 50%))}.UpdateNotificationModal.-peek .pleroma-tan{float:right;shape-image-threshold:70%;z-index:10}.UpdateNotificationModal.-peek .extra-info-group{max-height:0}
/*# sourceMappingURL=6464.2fa2e5f1fa93842c62b1.css.map*/ /*# sourceMappingURL=6464.169260b661120cc50815.css.map*/


@ -0,0 +1 @@
{"version":3,"file":"static/css/6464.169260b661120cc50815.css","mappings":"AAEA,oBACE,gBAGF,yBACE,mBAAoB,CACpB,sBAAuB,CACvB,oBAAqB,CAErB,eACA,kBACA,qBAEA,wBADA,sCACA,CAEA,+BACE,eACA,iBAGF,yBAhBF,yBAqBI,aAGF,0BAxBF,yBAyBI,cAGF,kCAGE,8CACA,4CAFA,wCADA,eAGA,CAGE,iDACE,oCAKN,qCAGE,gCADA,mBADA,oBAEA,CAGF,uCAGE,eACA,2BAFA,kBADA,UAGA,CAGF,sCAWE,gDAJA,YANA,qCACA,2CAUA,oBAHA,kBACA,kBAPA,+DAEA,wBADA,uCAEA,WAEA,UAIA,CAGF,qCACE,+BAGF,wCACE,kCAGF,2CAKE,6GACE,CADF,sGADA,gBAHA,qCAEA,wBADA,kCAIE,CAIJ,qCACE,iBAGF,+BAKE,uCAEA,4CACE,YAEA,0BADA,UACA,CAGF,iDACE","sources":["webpack://pleroma_fe/./src/components/update_notification/update_notification.scss"],"sourcesContent":["@import \"src/variables\";\n\n.UpdateNotification {\n overflow: hidden;\n}\n\n.UpdateNotificationModal {\n --__top-fringe: 15em; // how much pleroma-tan should stick her head above\n --__bottom-fringe: 80em; // just reserving as much as we can, number is mostly irrelevant\n --__right-fringe: 8em;\n\n font-size: 15px;\n position: relative;\n transition: transform;\n transition-timing-function: ease-in-out;\n transition-duration: 500ms;\n\n .text {\n max-width: 40em;\n padding-left: 1em;\n }\n\n @media all and (max-width: 800px) {\n /* For mobile, the modal takes 100% of the available screen.\n This ensures the minimized modal is always 50px above the browser\n bottom bar regardless of whether or not it is visible.\n */\n width: 100vw;\n }\n\n @media all and (max-height: 600px) {\n display: none;\n }\n\n .content {\n overflow: hidden;\n margin-top: calc(-1 * var(--__top-fringe));\n margin-bottom: calc(-1 * var(--__bottom-fringe));\n margin-right: calc(-1 * var(--__right-fringe));\n\n &.-noImage {\n .text {\n padding-right: var(--__right-fringe);\n }\n }\n }\n\n .panel-body {\n border-width: 0 0 1px;\n border-style: solid;\n border-color: var(--border, $fallback--border);\n }\n\n .panel-footer {\n z-index: 22;\n position: relative;\n border-width: 0;\n grid-template-columns: auto;\n }\n\n .pleroma-tan {\n object-fit: 
cover;\n object-position: top;\n transition: position, left, right, top, bottom, max-width, max-height;\n transition-timing-function: ease-in-out;\n transition-duration: 500ms;\n width: 25em;\n float: right;\n z-index: 20;\n position: relative;\n shape-margin: 0.5em;\n filter: drop-shadow(5px 5px 10px rgb(0 0 0 / 50%));\n pointer-events: none;\n }\n\n .spacer-top {\n min-height: var(--__top-fringe);\n }\n\n .spacer-bottom {\n min-height: var(--__bottom-fringe);\n }\n\n .extra-info-group {\n transition: max-height, padding, height;\n transition-timing-function: ease-in;\n transition-duration: 700ms;\n max-height: 70vh;\n mask:\n linear-gradient(to top, white, transparent) bottom/100% 2px no-repeat,\n linear-gradient(to top, white, white);\n }\n\n .art-credit {\n text-align: right;\n }\n\n &.-peek {\n /* Explanation:\n * 100vh - 100% = Distance between modal's top+bottom boundaries and screen\n * (100vh - 100%) / 2 = Distance between bottom (or top) boundary and screen\n */\n transform: translateY(calc(((100vh - 100%) / 2)));\n\n .pleroma-tan {\n float: right;\n z-index: 10;\n shape-image-threshold: 70%;\n }\n\n .extra-info-group {\n max-height: 0;\n }\n }\n}\n"],"names":[],"sourceRoot":""}


@ -1 +0,0 @@
{"version":3,"file":"static/css/6464.2fa2e5f1fa93842c62b1.css","mappings":"AACA,oBACE,gBAGF,yBACE,mBAAoB,CACpB,sBAAuB,CACvB,oBAAqB,CAErB,eACA,kBACA,qBAEA,wBADA,sCACA,CAEA,+BACE,eACA,iBAGF,yBAhBF,yBAoBI,aAGF,0BAvBF,yBAwBI,cAGF,kCAGE,8CACA,4CAFA,wCADA,eAGA,CAGE,iDACE,oCAKN,qCAGE,gCADA,mBADA,oBAEA,CAGF,uCAGE,eACA,2BAFA,kBADA,UAGA,CAGF,sCAWE,gDAJA,YANA,qCACA,2CAUA,oBAHA,kBACA,kBAPA,+DAEA,wBADA,uCAEA,WAEA,UAIA,CAGF,qCACE,+BAGF,wCACE,kCAGF,2CAKE,6GACE,CADF,sGADA,gBAHA,qCAEA,wBADA,kCAIE,CAIJ,qCACE,iBAGF,+BAKE,uCAEA,4CACE,YAEA,yBADA,UACA,CAGF,iDACE","sources":["webpack://pleroma_fe/./src/components/update_notification/update_notification.scss"],"sourcesContent":["@import 'src/_variables.scss';\n.UpdateNotification {\n overflow: hidden;\n}\n\n.UpdateNotificationModal {\n --__top-fringe: 15em; // how much pleroma-tan should stick her head above\n --__bottom-fringe: 80em; // just reserving as much as we can, number is mostly irrelevant\n --__right-fringe: 8em;\n\n font-size: 15px;\n position: relative;\n transition: transform;\n transition-timing-function: ease-in-out;\n transition-duration: 500ms;\n\n .text {\n max-width: 40em;\n padding-left: 1em;\n }\n\n @media all and (max-width: 800px) {\n /* For mobile, the modal takes 100% of the available screen.\n This ensures the minimized modal is always 50px above the browser bottom bar regardless of whether or not it is visible.\n */\n width: 100vw;\n }\n\n @media all and (max-height: 600px) {\n display: none;\n }\n\n .content {\n overflow: hidden;\n margin-top: calc(-1 * var(--__top-fringe));\n margin-bottom: calc(-1 * var(--__bottom-fringe));\n margin-right: calc(-1 * var(--__right-fringe));\n\n &.-noImage {\n .text {\n padding-right: var(--__right-fringe);\n }\n }\n }\n\n .panel-body {\n border-width: 0 0 1px 0;\n border-style: solid;\n border-color: var(--border, $fallback--border);\n }\n\n .panel-footer {\n z-index: 22;\n position: relative;\n border-width: 0;\n grid-template-columns: auto;\n }\n\n .pleroma-tan {\n 
object-fit: cover;\n object-position: top;\n transition: position, left, right, top, bottom, max-width, max-height;\n transition-timing-function: ease-in-out;\n transition-duration: 500ms;\n width: 25em;\n float: right;\n z-index: 20;\n position: relative;\n shape-margin: 0.5em;\n filter: drop-shadow(5px 5px 10px rgba(0,0,0,0.5));\n pointer-events: none;\n }\n\n .spacer-top {\n min-height: var(--__top-fringe);\n }\n\n .spacer-bottom {\n min-height: var(--__bottom-fringe);\n }\n\n .extra-info-group {\n transition: max-height, padding, height;\n transition-timing-function: ease-in;\n transition-duration: 700ms;\n max-height: 70vh;\n mask:\n linear-gradient(to top, white, transparent) bottom/100% 2px no-repeat,\n linear-gradient(to top, white, white);\n }\n\n .art-credit {\n text-align: right;\n }\n\n &.-peek {\n /* Explanation:\n * 100vh - 100% = Distance between modal's top+bottom boundaries and screen\n * (100vh - 100%) / 2 = Distance between bottom (or top) boundary and screen\n */\n transform: translateY(calc(((100vh - 100%) / 2)));\n\n .pleroma-tan {\n float: right;\n z-index: 10;\n shape-image-threshold: 0.7;\n }\n\n .extra-info-group {\n max-height: 0;\n }\n }\n}\n"],"names":[],"sourceRoot":""}


@ -1 +0,0 @@
{"version":3,"file":"static/css/8532.88b90ac86f3060a3144e.css","mappings":"AAGA,gBACE,WACA,0BACE,iBACA,kDACE,aACA,eACA,cACA,2DACE,aACA,cAGA,YAFA,WACA,UACA,CACA,+DACE,YACA,qEACE","sources":["webpack://pleroma_fe/./src/components/sticker_picker/sticker_picker.vue"],"sourcesContent":["\n@import '../../_variables.scss';\n\n.sticker-picker {\n width: 100%;\n .contents {\n min-height: 250px;\n .sticker-picker-content {\n display: flex;\n flex-wrap: wrap;\n padding: 0 4px;\n .sticker {\n display: flex;\n flex: 1 1 auto;\n margin: 4px;\n width: 56px;\n height: 56px;\n img {\n height: 100%;\n &:hover {\n filter: drop-shadow(0 0 5px var(--accent, $fallback--link));\n }\n }\n }\n }\n }\n}\n\n"],"names":[],"sourceRoot":""}


@ -0,0 +1,2 @@
"use strict";(self.webpackChunkpleroma_fe=self.webpackChunkpleroma_fe||[]).push([[159],{30159:(t,e,n)=>{n.r(e),n.d(e,{default:()=>p});var i=n(66252),a=n(49963),c={class:"sticker-picker"},r=["image-tooltip","image"],o=["onClick"],s=["src"],l=n(7257);const u={components:{TabSwitcher:n(79354).Z},data:function(){return{meta:{stickers:[]},path:""}},computed:{pack:function(){return this.$store.state.instance.stickers||[]}},methods:{clear:function(){this.meta={stickers:[]}},pick:function(t,e){var n=this,i=this.$store;fetch(t).then((function(t){t.blob().then((function(t){var a=new File([t],e,{mimetype:"image/png"}),c=new FormData;c.append("file",a),l.Z.uploadMedia({store:i,formData:c}).then((function(t){n.$emit("uploaded",t),n.clear()}),(function(t){console.warn("Can't attach sticker"),console.warn(t),n.$emit("upload-failed","default")}))}))}))}}},p=(0,n(83744).Z)(u,[["render",function(t,e,n,l,u,p){var f=(0,i.up)("tab-switcher");return(0,i.wg)(),(0,i.iD)("div",c,[(0,i.Wm)(f,{class:"tab-switcher","render-only-focused":!0,"scrollable-tabs":""},{default:(0,i.w5)((function(){return[((0,i.wg)(!0),(0,i.iD)(i.HY,null,(0,i.Ko)(t.pack,(function(e){return(0,i.wg)(),(0,i.iD)("div",{key:e.path,"image-tooltip":e.meta.title,image:e.path+e.meta.tabIcon,class:"sticker-picker-content"},[((0,i.wg)(!0),(0,i.iD)(i.HY,null,(0,i.Ko)(e.meta.stickers,(function(n){return(0,i.wg)(),(0,i.iD)("div",{key:n,class:"sticker",onClick:(0,a.iM)((function(i){return t.pick(e.path+n,e.meta.title)}),["stop","prevent"])},[(0,i._)("img",{src:e.path+n},null,8,s)],8,o)})),128))],8,r)})),128))]})),_:1})])}]])}}]);
//# sourceMappingURL=159.3a9274574f1e33801c4a.js.map


@ -33,12 +33,6 @@
/*! (c) Andrea Giammarchi - ISC */ /*! (c) Andrea Giammarchi - ISC */
/*! https://mths.be/punycode v1.3.2 by @mathias */
/*! js-cookie v3.0.1 | MIT */ /*! js-cookie v3.0.1 | MIT */
/*! lozad.js - v1.16.0 - 2020-09-06
* https://github.com/ApoorvSaxena/lozad.js
* Copyright (c) 2020 Apoorv Saxena; Licensed MIT */
/*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */ /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */


@ -1,2 +1,2 @@
"use strict";(self.webpackChunkpleroma_fe=self.webpackChunkpleroma_fe||[]).push([[6464],{16464:(t,e,a)=>{a.r(e),a.d(e,{CURRENT_UPDATE_COUNTER:()=>T,default:()=>N});var n=a(66252),o=a(3577),s=a(49963),i={class:"panel-heading"},r={class:"title"},l={class:"panel-body"},u=["src"],p=(0,n._)("div",{class:"spacer-top"},null,-1),c={class:"text"},d={ref:"animatedText",class:"extra-info-group"},g={target:"_blank",href:"https://git.pleroma.social/"},h={target:"_blank",href:"https://pleroma.social/announcements/"},m={class:"art-credit"},_=(0,n._)("a",{target:"_blank",href:"https://post.ebin.club/users/pipivovott"},"pipivovott",-1),f=(0,n._)("div",{class:"spacer-bottom"},null,-1),w={class:"panel-footer"},v=a(58312),S=a(9382),b=a(31934),k=a(95326),$=a(43011),C=a(68789),y=a(84131);S.vI.add(y.NBC);var T=1;const M={data:function(){return{showingImage:!1,pleromaTanVariant:Math.random()>.5?b:k,showingMore:!1}},components:{Modal:v.Z},computed:{pleromaTanStyles:function(){return{"shape-outside":"url("+(this.pleromaTanVariant===b?$:C)+")"}},shouldShow:function(){return!this.$store.state.instance.disableUpdateNotification&&this.$store.state.users.currentUser&&this.$store.state.serverSideStorage.flagStorage.updateCounter<T&&!this.$store.state.serverSideStorage.prefsStorage.simple.dontShowUpdateNotifs}},methods:{toggleShow:function(){this.showingMore=!this.showingMore},neverShowAgain:function(){this.toggleShow(),this.$store.commit("setFlag",{flag:"updateCounter",value:T}),this.$store.commit("setPreference",{path:"simple.dontShowUpdateNotifs",value:!0}),this.$store.dispatch("pushServerSideStorage")},dismiss:function(){this.$store.commit("setFlag",{flag:"updateCounter",value:T}),this.$store.dispatch("pushServerSideStorage")}},mounted:function(){var t=this;this.contentHeightNoImage=this.$refs.animatedText.scrollHeight;var e=new 
Image;e.onload=function(){setTimeout((function(){t.showingImage=!0}),100)},e.src=this.pleromaTanVariant===b?$:C}},N=(0,a(83744).Z)(M,[["render",function(t,e,a,v,S,b){var k=(0,n.up)("i18n-t"),$=(0,n.up)("Modal");return(0,n.wg)(),(0,n.j4)($,{"is-open":!!t.shouldShow,class:"UpdateNotification","no-background":!0},{default:(0,n.w5)((function(){return[(0,n._)("div",{class:(0,o.C_)(["UpdateNotificationModal panel",{"-peek":!t.showingMore}])},[(0,n._)("div",i,[(0,n._)("span",r,(0,o.zw)(t.$t("update.big_update_title")),1)]),(0,n._)("div",l,[(0,n._)("div",{class:(0,o.C_)(["content",{"-noImage":!t.showingImage}])},[t.showingImage?((0,n.wg)(),(0,n.iD)("img",{key:0,class:"pleroma-tan",src:t.pleromaTanVariant,style:(0,o.j5)(t.pleromaTanStyles)},null,12,u)):(0,n.kq)("",!0),p,(0,n._)("div",c,[(0,n._)("p",null,(0,o.zw)(t.$t("update.big_update_content")),1),(0,n._)("div",d,[(0,n.Wm)(k,{keypath:"update.update_bugs",tag:"p"},{pleromaGitlab:(0,n.w5)((function(){return[(0,n._)("a",g,(0,o.zw)(t.$t("update.update_bugs_gitlab")),1)]})),_:1}),(0,n.Wm)(k,{keypath:"update.update_changelog",tag:"p"},{theFullChangelog:(0,n.w5)((function(){return[(0,n._)("a",h,(0,o.zw)(t.$t("update.update_changelog_here")),1)]})),_:1}),(0,n._)("p",m,[(0,n.Wm)(k,{keypath:"update.art_by",tag:"small"},{linkToArtist:(0,n.w5)((function(){return[_]})),_:1})])],512)]),f],2)]),(0,n._)("div",w,[(0,n._)("button",{class:"button-default",onClick:e[0]||(e[0]=(0,s.iM)((function(){return t.neverShowAgain&&t.neverShowAgain.apply(t,arguments)}),["prevent"]))},(0,o.zw)(t.$t("general.never_show_again")),1),t.showingMore?(0,n.kq)("",!0):((0,n.wg)(),(0,n.iD)("button",{key:0,class:"button-default",onClick:e[1]||(e[1]=(0,s.iM)((function(){return t.toggleShow&&t.toggleShow.apply(t,arguments)}),["prevent"]))},(0,o.zw)(t.$t("general.show_more")),1)),(0,n._)("button",{class:"button-default",onClick:e[2]||(e[2]=(0,s.iM)((function(){return 
t.dismiss&&t.dismiss.apply(t,arguments)}),["prevent"]))},(0,o.zw)(t.$t("general.dismiss")),1)])],2)]})),_:1},8,["is-open"])}]])}}]); "use strict";(self.webpackChunkpleroma_fe=self.webpackChunkpleroma_fe||[]).push([[6464],{16464:(t,e,a)=>{a.r(e),a.d(e,{CURRENT_UPDATE_COUNTER:()=>T,default:()=>N});var n=a(66252),o=a(3577),s=a(49963),i={class:"panel-heading"},r={class:"title"},l={class:"panel-body"},u=["src"],p=(0,n._)("div",{class:"spacer-top"},null,-1),c={class:"text"},d={ref:"animatedText",class:"extra-info-group"},g={target:"_blank",href:"https://git.pleroma.social/"},h={target:"_blank",href:"https://pleroma.social/announcements/"},m={class:"art-credit"},_=(0,n._)("a",{target:"_blank",href:"https://post.ebin.club/users/pipivovott"},"pipivovott",-1),f=(0,n._)("div",{class:"spacer-bottom"},null,-1),w={class:"panel-footer"},v=a(48328),S=a(9382),b=a(31934),k=a(95326),$=a(43011),C=a(68789),y=a(84131);S.vI.add(y.NBC);var T=1;const M={data:function(){return{showingImage:!1,pleromaTanVariant:Math.random()>.5?b:k,showingMore:!1}},components:{Modal:v.Z},computed:{pleromaTanStyles:function(){return{"shape-outside":"url("+(this.pleromaTanVariant===b?$:C)+")"}},shouldShow:function(){return!this.$store.state.instance.disableUpdateNotification&&this.$store.state.users.currentUser&&this.$store.state.serverSideStorage.flagStorage.updateCounter<T&&!this.$store.state.serverSideStorage.prefsStorage.simple.dontShowUpdateNotifs}},methods:{toggleShow:function(){this.showingMore=!this.showingMore},neverShowAgain:function(){this.toggleShow(),this.$store.commit("setFlag",{flag:"updateCounter",value:T}),this.$store.commit("setPreference",{path:"simple.dontShowUpdateNotifs",value:!0}),this.$store.dispatch("pushServerSideStorage")},dismiss:function(){this.$store.commit("setFlag",{flag:"updateCounter",value:T}),this.$store.dispatch("pushServerSideStorage")}},mounted:function(){var t=this;this.contentHeightNoImage=this.$refs.animatedText.scrollHeight;var e=new 
Image;e.onload=function(){setTimeout((function(){t.showingImage=!0}),100)},e.src=this.pleromaTanVariant===b?$:C}},N=(0,a(83744).Z)(M,[["render",function(t,e,a,v,S,b){var k=(0,n.up)("i18n-t"),$=(0,n.up)("Modal");return(0,n.wg)(),(0,n.j4)($,{"is-open":!!t.shouldShow,class:"UpdateNotification","no-background":!0},{default:(0,n.w5)((function(){return[(0,n._)("div",{class:(0,o.C_)(["UpdateNotificationModal panel",{"-peek":!t.showingMore}])},[(0,n._)("div",i,[(0,n._)("span",r,(0,o.zw)(t.$t("update.big_update_title")),1)]),(0,n._)("div",l,[(0,n._)("div",{class:(0,o.C_)(["content",{"-noImage":!t.showingImage}])},[t.showingImage?((0,n.wg)(),(0,n.iD)("img",{key:0,class:"pleroma-tan",src:t.pleromaTanVariant,style:(0,o.j5)(t.pleromaTanStyles)},null,12,u)):(0,n.kq)("",!0),p,(0,n._)("div",c,[(0,n._)("p",null,(0,o.zw)(t.$t("update.big_update_content")),1),(0,n._)("div",d,[(0,n.Wm)(k,{keypath:"update.update_bugs",tag:"p"},{pleromaGitlab:(0,n.w5)((function(){return[(0,n._)("a",g,(0,o.zw)(t.$t("update.update_bugs_gitlab")),1)]})),_:1}),(0,n.Wm)(k,{keypath:"update.update_changelog",tag:"p"},{theFullChangelog:(0,n.w5)((function(){return[(0,n._)("a",h,(0,o.zw)(t.$t("update.update_changelog_here")),1)]})),_:1}),(0,n._)("p",m,[(0,n.Wm)(k,{keypath:"update.art_by",tag:"small"},{linkToArtist:(0,n.w5)((function(){return[_]})),_:1})])],512)]),f],2)]),(0,n._)("div",w,[(0,n._)("button",{class:"button-default",onClick:e[0]||(e[0]=(0,s.iM)((function(){return t.neverShowAgain&&t.neverShowAgain.apply(t,arguments)}),["prevent"]))},(0,o.zw)(t.$t("general.never_show_again")),1),t.showingMore?(0,n.kq)("",!0):((0,n.wg)(),(0,n.iD)("button",{key:0,class:"button-default",onClick:e[1]||(e[1]=(0,s.iM)((function(){return t.toggleShow&&t.toggleShow.apply(t,arguments)}),["prevent"]))},(0,o.zw)(t.$t("general.show_more")),1)),(0,n._)("button",{class:"button-default",onClick:e[2]||(e[2]=(0,s.iM)((function(){return 
t.dismiss&&t.dismiss.apply(t,arguments)}),["prevent"]))},(0,o.zw)(t.$t("general.dismiss")),1)])],2)]})),_:1},8,["is-open"])}]])}}]);
//# sourceMappingURL=6464.2ababce187697ee8b1e9.js.map //# sourceMappingURL=6464.fea96fa80a7373e4e5f8.js.map


@ -1,2 +0,0 @@
"use strict";(self.webpackChunkpleroma_fe=self.webpackChunkpleroma_fe||[]).push([[8532],{68532:(t,e,n)=>{n.r(e),n.d(e,{default:()=>p});var i=n(66252),a=n(49963),c={class:"sticker-picker"},r=["image-tooltip","image"],o=["onClick"],s=["src"],l=n(7257);const u={components:{TabSwitcher:n(79354).Z},data:function(){return{meta:{stickers:[]},path:""}},computed:{pack:function(){return this.$store.state.instance.stickers||[]}},methods:{clear:function(){this.meta={stickers:[]}},pick:function(t,e){var n=this,i=this.$store;fetch(t).then((function(t){t.blob().then((function(t){var a=new File([t],e,{mimetype:"image/png"}),c=new FormData;c.append("file",a),l.Z.uploadMedia({store:i,formData:c}).then((function(t){n.$emit("uploaded",t),n.clear()}),(function(t){console.warn("Can't attach sticker"),console.warn(t),n.$emit("upload-failed","default")}))}))}))}}},p=(0,n(83744).Z)(u,[["render",function(t,e,n,l,u,p){var f=(0,i.up)("tab-switcher");return(0,i.wg)(),(0,i.iD)("div",c,[(0,i.Wm)(f,{class:"tab-switcher","render-only-focused":!0,"scrollable-tabs":""},{default:(0,i.w5)((function(){return[((0,i.wg)(!0),(0,i.iD)(i.HY,null,(0,i.Ko)(t.pack,(function(e){return(0,i.wg)(),(0,i.iD)("div",{key:e.path,"image-tooltip":e.meta.title,image:e.path+e.meta.tabIcon,class:"sticker-picker-content"},[((0,i.wg)(!0),(0,i.iD)(i.HY,null,(0,i.Ko)(e.meta.stickers,(function(n){return(0,i.wg)(),(0,i.iD)("div",{key:n,class:"sticker",onClick:(0,a.iM)((function(i){return t.pick(e.path+n,e.meta.title)}),["stop","prevent"])},[(0,i._)("img",{src:e.path+n},null,8,s)],8,o)})),128))],8,r)})),128))]})),_:1})])}]])}}]);
//# sourceMappingURL=8532.290194af65a2e3a4120e.js.map


@ -25,6 +25,4 @@
* MIT Licensed * MIT Licensed
*/ */
/*! https://mths.be/punycode v1.3.2 by @mathias */
/*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */ /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */


@ -1342,6 +1342,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
%{test_file: test_file} %{test_file: test_file}
end end
test "strips / from filename", %{test_file: file} do
file = %Plug.Upload{file | filename: "../../../../../nested/bad.jpg"}
{:ok, %Object{} = object} = ActivityPub.upload(file)
[%{"href" => href}] = object.data["url"]
assert Regex.match?(~r"/bad.jpg$", href)
refute Regex.match?(~r"/nested/", href)
end
test "sets a description if given", %{test_file: file} do test "sets a description if given", %{test_file: file} do
{:ok, %Object{} = object} = ActivityPub.upload(file, description: "a cool file") {:ok, %Object{} = object} = ActivityPub.upload(file, description: "a cool file")
assert object.data["name"] == "a cool file" assert object.data["name"] == "a cool file"
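Review bot: The assertions in "strips / from filename" look only at the returned `href`, so the test says nothing about where the file was actually written; the traversal tests in the MediaController and UpdateCredentials test files on this page have the same gap. The changelog entry describes the fix as stopping the HTTP upload endpoint from creating directories in the upload dir, so a check that no `nested` directory exists under the configured uploads path after the call would pin that guarantee directly (the uploader configuration used by the test is not visible here). The pattern `~r"/bad.jpg$"` leaves the dot unescaped; `~r"/bad\.jpg$"` matches only the intended name. The enclosing `describe` block starts outside the hunk.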


@ -122,6 +122,23 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
assert :ok == File.rm(Path.absname("test/tmp/large_binary.data")) assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
end end
test "Do not allow nested filename", %{conn: conn, image: image} do
image = %Plug.Upload{
image
| filename: "../../../../../nested/file.jpg"
}
desc = "Description of the image"
media =
conn
|> put_req_header("content-type", "multipart/form-data")
|> post("/api/v1/media", %{"file" => image, "description" => desc})
|> json_response_and_validate_schema(:ok)
refute Regex.match?(~r"/nested/", media["url"])
end
end end
describe "Update media description" do describe "Update media description" do
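Review bot: "Do not allow nested filename" has only a negative assertion, `refute Regex.match?(~r"/nested/", media["url"])`, which passes for any URL lacking that segment, including one that no longer refers to the uploaded file. A positive check next to it, such as `assert media["url"] =~ ~r"/file\.jpg$"`, would mirror the ActivityPub test, assuming the test configuration keeps the original filename in the URL, which this hunk does not show. `desc` is posted with the request but never asserted on; either compare it with `media["description"]` or drop it. The enclosing `describe` block starts outside the hunk.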


@ -385,6 +385,34 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
assert :ok == File.rm(Path.absname("test/tmp/large_binary.data")) assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
end end
test "Strip / from upload files", %{user: user, conn: conn} do
new_image = %Plug.Upload{
content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "../../../../nested/an_image.jpg"
}
assert user.avatar == %{}
res =
patch(conn, "/api/v1/accounts/update_credentials", %{
"avatar" => new_image,
"header" => new_image,
"pleroma_background_image" => new_image
})
assert user_response = json_response_and_validate_schema(res, 200)
assert user_response["avatar"]
assert user_response["header"]
assert user_response["pleroma"]["background_image"]
refute Regex.match?(~r"/nested/", user_response["avatar"])
refute Regex.match?(~r"/nested/", user_response["header"])
refute Regex.match?(~r"/nested/", user_response["pleroma"]["background_image"])
user = User.get_by_id(user.id)
refute user.avatar == %{}
end
test "requires 'write:accounts' permission" do test "requires 'write:accounts' permission" do
token1 = insert(:oauth_token, scopes: ["read"]) token1 = insert(:oauth_token, scopes: ["read"])
token2 = insert(:oauth_token, scopes: ["write", "follow"]) token2 = insert(:oauth_token, scopes: ["write", "follow"])