Commit graph

2515 commits

Author SHA1 Message Date
William Pitcock
595d855f0e html scrubbing policies: restrict img tags to http/https only for mediaproxy compatibility 2018-10-18 14:29:31 +00:00
Haelwenn (lanodan) Monnier
2154c5dcd8
lib/pleroma/html.ex: Use macros for valid_schemes, change config for schemes 2018-10-18 07:58:15 +02:00
kaniini
6098070234 Merge branch 'bugfix/osada-mention' into 'develop'
fix osada mentions

Closes #324

See merge request pleroma/pleroma!380
2018-10-17 19:33:15 +00:00
William Pitcock
958c5e02e8 tests: add a testcase for matching osada users in the formatter 2018-10-17 19:27:05 +00:00
William Pitcock
582dbe5c8d formatter: fix matching osada users 2018-10-17 19:15:20 +00:00
Haelwenn
c7140c67c7 Merge branch 'import-maybe-direct-follow' into 'develop'
Use maybe_direct_follow for follow imports

See merge request pleroma/pleroma!378
2018-10-17 04:24:13 +00:00
scarlett
7562912f6a Use maybe_direct_follow for follow imports 2018-10-17 04:16:11 +01:00
Haelwenn (lanodan) Monnier
d7654c77de
lib/pleroma/html.ex: Use a function as a variable (broken for some reason) 2018-10-16 03:34:33 +02:00
Haelwenn (lanodan) Monnier
50e0a9ae56
lib/pleroma/html.ex: Fix scheme lists
Gosh please don’t break ourselves…

Also this is copy-paste of the list in lib/pleroma/formatter.ex,
I think this should be put in a common variable, but where?
2018-10-16 03:00:37 +02:00
kaniini
c93571b87e Merge branch 'feature/markdown-enable-tags' into 'develop'
common api: enable tag linking in markdown mode

Closes #322

See merge request pleroma/pleroma!376
2018-10-14 20:42:23 +00:00
William Pitcock
30efa86c05 common api: enable tag linking in markdown mode 2018-10-14 20:36:11 +00:00
kaniini
e0c035589a Merge branch 'security/clear-oauth-with-password' into 'develop'
Delete Tokens and Authorizations on password change

Closes #320

See merge request pleroma/pleroma!375
2018-10-14 19:29:58 +00:00
Haelwenn (lanodan) Monnier
eacab0fb05
Delete Tokens and Authorizations on password change
Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
2018-10-14 02:14:54 +02:00
kaniini
117e005409 Merge branch 'security/fix-local-locked-accounts' into 'develop'
security: fix local locked accounts

Closes #316

See merge request pleroma/pleroma!372
2018-10-11 10:56:12 +00:00
William Pitcock
51eaece3ea user: break out local cases for maybe_direct_follow 2018-10-11 10:49:54 +00:00
William Pitcock
ebc32045f0 test: add regression test for #316 2018-10-11 10:35:32 +00:00
William Pitcock
2c29329d39 user: local users are always AP-enabled (closes #316) 2018-10-11 10:35:11 +00:00
kaniini
3a77336d89 Merge branch 'bugfix/length-enforce-subjects' into 'develop'
common api: take the combination of the subject and content for length limit enforcement

Closes #315

See merge request pleroma/pleroma!371
2018-10-10 08:00:23 +00:00
William Pitcock
111841ad34 common api: take the combination of the subject and content for length limit enforcement
closes #315
2018-10-10 07:53:44 +00:00
Haelwenn
5294b11ef0 Merge branch 'feature/mrf-transparency-opt-out' into 'develop'
nodeinfo: allow opting out of MRF transparency

See merge request pleroma/pleroma!370
2018-10-07 01:34:16 +00:00
William Pitcock
08d5ad71b6 nodeinfo: allow opting out of MRF transparency 2018-10-07 01:23:38 +00:00
kaniini
4a3a46074d Merge branch 'security/follow-always-async' into 'develop'
AP follows must be always async (closes #306)

Closes #306

See merge request pleroma/pleroma!368
2018-10-07 01:16:05 +00:00
kaniini
b638cc50b6 Merge branch 'patch-2' into 'develop'
Relax form-action content security policy in sample nginx config

See merge request pleroma/pleroma!364
2018-10-07 01:10:12 +00:00
kaniini
a15eac05a6 Merge branch 'update-pleroma-frontend' into 'develop'
update-pleroma-frontend

See merge request pleroma/pleroma!369
2018-10-07 01:09:33 +00:00
William Pitcock
7b3fff9af8 {mastodon api, twitter api}: make the follow handshake timeout configurable 2018-10-07 01:05:59 +00:00
hakabahitoyo
be7bb90bef update-pleroma-frontend 2018-10-07 09:58:08 +09:00
William Pitcock
7f530f6f80 mastodon api: relationship view: better handle no pre-existing follow activity 2018-10-05 23:50:13 +00:00
William Pitcock
e69faf550c user: add wait_and_refresh() for async three-way handshake case 2018-10-05 23:40:49 +00:00
William Pitcock
3e751496e3 mastodon api: account view: fetch follow state and use it to populate requested field 2018-10-05 23:31:49 +00:00
William Pitcock
a71b822013 activitypub: always track following state for async reasons 2018-10-05 23:31:00 +00:00
William Pitcock
8ce217776d activitypub transmogrifier: better manage follow state 2018-10-05 23:30:34 +00:00
William Pitcock
4f7a468659 user: only pre-create follow relationships on OStatus
closes #306
2018-10-05 22:58:03 +00:00
kaniini
614e47aa7c Merge branch 'revert-d31bbb1c' into 'develop'
Rich Text Redo Branch

See merge request pleroma/pleroma!314
2018-10-05 21:17:46 +00:00
William Pitcock
497814cbbb test: update test for new html scrub policy 2018-10-05 21:11:22 +00:00
William Pitcock
bd76d9cee6 nodeinfo: add accepted post formats to metadata 2018-10-05 21:05:37 +00:00
William Pitcock
285ac80c36 config: allow for accepted post formats to be configured 2018-10-05 21:02:17 +00:00
William Pitcock
52b05137c5 formatter: use Pleroma.HTML module instead of HtmlSanitizeEx directly 2018-10-05 20:49:34 +00:00
William Pitcock
16307da311 twitterapi: frontend config: add formattingOptionsEnabled 2018-10-05 20:49:34 +00:00
William Pitcock
b1be9415ef Revert "Merge branch 'revert-a26d5e6b' into 'develop'"
This reverts commit d31bbb1cfe, reversing
changes made to 340ab3cb90.
2018-10-05 20:49:34 +00:00
kaniini
f7ba393bb9 Merge branch 'feature/nodeinfo_federation_info' into 'develop'
Nodeinfo federation info

See merge request pleroma/pleroma!367
2018-10-05 20:41:16 +00:00
Haelwenn (lanodan) Monnier
f2efc8dcfb
nodeinfo_controller: Fix JSON rendering
This is the last noedinfo difference from my own branch
2018-10-05 22:32:53 +02:00
Haelwenn (lanodan) Monnier
28651df478
MRF Transparency 2018-10-05 20:09:08 +02:00
Haelwenn (lanodan) Monnier
56d31db130
Pleroma.Web.Nodeinfo.NodeinfoController: Further transparency, breaks API of previous one 2018-10-05 20:08:55 +02:00
Haelwenn (lanodan) Monnier
8226953f1d
[Pleroma.Web.Nodeinfo.NodeinfoController]: Transparency on MRF Simple 2018-10-05 20:02:13 +02:00
kaniini
4f03bb2299 Merge branch 'bugfix/fix-mrf-reject-match' into 'develop'
activitypub: fix error condition match

See merge request pleroma/pleroma!365
2018-09-30 05:32:56 +00:00
William Pitcock
4db1bc2c0e activitypub: fix error condition match 2018-09-30 05:26:13 +00:00
barrucadu
a32e013909 Relax form-action content security policy
'self' only allows forms submitted to the same origin, which
breaks the "remote follow" form.  To allow remote following,
we want to allow forms to be submitted to any host.
2018-09-28 22:17:19 +00:00
Haelwenn
ab2e5ba989 Merge branch 'bugfix/magnet-links' into 'develop'
formatter: Stop using phoenix HTML and format it ourselves

Closes #307

See merge request pleroma/pleroma!363
2018-09-28 19:20:54 +00:00
Haelwenn (lanodan) Monnier
a3cffd3566
formatter: Stop using phoenix HTML and format it ourselves
* Pheonix has an extra scheme whitelist conflicting with ours
* Pheonix doesn’t seems to do URL encoding, just HTML encoding

Closes: https://git.pleroma.social/pleroma/pleroma/issues/307
2018-09-28 17:32:27 +02:00
Haelwenn
34b6d444d6 Merge branch 'feature/twitter_api/fields' into 'develop'
[Pleroma.Web.TwitterAPI.UserView]: Add mastodon-fields in "fields"

See merge request pleroma/pleroma!360
2018-09-28 09:25:27 +00:00