Haelwenn (lanodan) Monnier
1257331291
MastodonAPI.StatusView: Do not use site_name
...
site_name allow to spoof the origin of the domain and so hacks like:
<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg " />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/ ">
2020-02-15 00:36:09 +01:00
rinpatch
9906c6fb6f
Merge branch 'fix/mrf-transparency-disabling-federation-status' into 'develop'
...
NodeInfo: Fix federating status not being reported when MRF transparency is disabled
Closes #1568
See merge request pleroma/pleroma!2206
2020-02-13 18:08:43 +00:00
rinpatch
23049a077e
NodeInfo: Fix federating status not being reported when MRF
...
transparency is disabled
Closes #1568
2020-02-13 19:53:39 +03:00
feld
b312c36b8e
Merge branch 'develop' into 'fix/rename-no_attachment_links-setting'
...
# Conflicts:
# config/description.exs
2020-02-13 14:37:55 +00:00
Egor Kislitsyn
19516af74e
Fix status.expires_in
validation
2020-02-12 20:20:44 +04:00
Mark Felder
ff9fd4ca89
Fix the confusingly named and inverted logic of "no_attachment_links"
...
The setting is now simply "attachment_links" and the boolean value does
what you expect. A double negative is never possible and describing the
functionality is no longer a philospher's worst nightmare.
2020-02-11 15:39:19 -06:00
feld
237b2068f9
Revert "Merge branch 'feat/floki-fasthtml' into 'develop'"
...
This reverts merge request !2194
2020-02-11 16:55:18 +00:00
rinpatch
ea1631d7e6
Make Floki use fast_html
2020-02-11 16:17:21 +03:00
lain
24c526a0b1
Merge remote-tracking branch 'origin/develop' into uguu-uwu-notices-bulge
2020-02-11 13:58:36 +01:00
rinpatch
94e5ca1105
Merge branch 'issue/1383' into 'develop'
...
[#1383 ] Switch periodic jobs from quantum to oban
See merge request pleroma/pleroma!2015
2020-02-11 00:04:06 +00:00
Maksim Pechnikov
6813c0302c
Merge branch 'develop' into issue/1383
2020-02-10 20:49:20 +03:00
rinpatch
c55301e760
Fix a compilation error under certain circumstances
...
I've noticed that sometimes when switching from develop to stable and back,
develop fails to compile and rm -r ing the _build and deps dirs doesn't
help at all.
This is due to Admin API controller needing to generate JSON description
of the config at compile time. Evaluating `config/description.exs`
calls `Generator.list_modules_in_dir/2`, which in turn predicts the
module names of files in the directory and tries to convert the
predicted name to *existing* atoms. Sometimes the compiler will
call that function before compiling the modules in the said directory,
so the conversion will of course fail.
This fixes it by removing the requirement of the atoms being existent.
The function is not subjected to any untrusted user input so this should
be safe. An ideal fix would be to block the compilation of docs before
all modules are compiled and then get a list of compiled elixir modules
under the namespace we want instead of directory hacks, but I have not
been able to figure out how to do that.
2020-02-10 18:41:02 +03:00
lain
964b4d82a0
Merge branch 'fix/upload-limit-otp' into 'develop'
...
Actually fix upload limit on OTP releases
Closes #1109
See merge request pleroma/pleroma!2185
2020-02-08 14:02:36 +00:00
rinpatch
15ea75cd2a
Actually fix upload limit on OTP releases
...
Closes #1109
2020-02-07 20:14:06 +03:00
Haelwenn
1262357ddb
Merge branch 'cancel-follow-request' into 'develop'
...
Add support for cancellation of a follow request
Closes #1522
See merge request pleroma/pleroma!2175
2020-02-07 16:10:43 +00:00
Lain Soykaf
d85bcc8627
Questions: Add timezone to closed
property
2020-02-07 16:57:46 +01:00
Lain Soykaf
4538a1ee01
EmojiReactions: Remove old API endpoints
2020-02-07 15:01:45 +01:00
Lain Soykaf
f875b9650a
EmojiReactions: Add Mastodon-aligned reaction endpoints, change response
2020-02-07 14:52:13 +01:00
Egor Kislitsyn
bc2e98b200
Add User.get_follow_state/2
2020-02-07 16:17:34 +04:00
Lain Soykaf
8a79f20c21
EmojiReactions: Rename to EmojiReacts
2020-02-06 18:09:57 +01:00
feld
df0b00b32d
Merge branch 'mastoapi-non-html-strings' into 'develop'
...
mastodon API: do not sanitize html in non-html fields
See merge request pleroma/pleroma!2167
2020-02-06 16:08:23 +00:00
Egor Kislitsyn
8b9742ecf5
Cancellation of a follow request for a remote user
2020-02-06 18:02:33 +04:00
Alexander Strizhakov
c85aa6e87f
removing confusing error
2020-02-06 12:50:36 +03:00
rinpatch
15cb1f6804
Merge branch 'fix/unpinnable-polls' into 'develop'
...
fix not being able to pin polls
See merge request pleroma/pleroma!2172
2020-02-05 21:04:16 +00:00
rinpatch
72d767998c
Merge branch 'removing-admin-api-endpoint' into 'develop'
...
Removing migrate_from_db endpoint from admin api
See merge request pleroma/pleroma!2177
2020-02-05 21:03:56 +00:00
feld
b21e59da5f
Merge branch 'remove-linker-scheme-option' into 'develop'
...
Remove AutoLinker `scheme` option from the config
See merge request pleroma/pleroma!2176
2020-02-05 20:32:45 +00:00
Alexander Strizhakov
5db6ac8ee4
removing migrate_from_db endpoint from admin api
2020-02-05 20:36:21 +03:00
Egor Kislitsyn
3909b5b7b3
Remove AutoLinker scheme
option from the config
2020-02-05 21:13:56 +04:00
rinpatch
49e80a1537
Merge branch 'feature/restart-pleroma-from-outside-application' into 'develop'
...
Restarting pleroma from outside application
See merge request pleroma/pleroma!2144
2020-02-05 16:59:21 +00:00
Egor Kislitsyn
8c71f7e11a
Add support for cancellation of a follow request
2020-02-05 20:22:15 +04:00
Maksim Pechnikov
2c40c8b4a2
Merge branch 'develop' into issue/1383
2020-02-03 21:42:36 +03:00
rinpatch
50f5a92021
fix not being able to pin polls
2020-02-02 14:55:06 +03:00
rinpatch
983a87175e
mastodon API: do not sanitize html in non-html fields
2020-02-02 14:46:32 +03:00
Roman Chvanikov
8057157ee3
Make attachments cleanup optional
2020-01-31 01:20:37 +03:00
rinpatch
c27d1d65bf
Merge branch 'fix/disable-rate-limiter-for-socket-localhost' into 'develop'
...
Disable rate limiter for socket/localhost
Closes #1380
See merge request pleroma/pleroma!2064
2020-01-30 19:24:04 +00:00
rinpatch
5b62acf6e9
Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost
2020-01-30 22:16:55 +03:00
lain
774cba84f5
Merge branch 'reenable-rate-limit-and-remote-ip' into 'develop'
...
Re-enable rate limiter and enable remote ip
See merge request pleroma/pleroma!2164
2020-01-30 18:47:44 +00:00
lain
a0d9d42eaa
Emoji Reactions: Actually use the validation.
2020-01-30 16:07:37 +01:00
feld
e2f2602fdc
Merge branch 'emoji-api-errors' into 'develop'
...
Emoji api error if emoji dir is not writable
Closes admin-fe#62
See merge request pleroma/pleroma!2161
2020-01-30 14:13:40 +00:00
feld
df200ea7a4
Merge branch 'http-security-warning' into 'develop'
...
Warn if HTTPSecurityPlug is disabled
Closes #1528
See merge request pleroma/pleroma!2155
2020-01-30 14:11:29 +00:00
feld
b3e9c87724
Update emoji_api_controller.ex
2020-01-30 14:09:41 +00:00
feld
36becd5573
Update http_security_plug.ex
2020-01-30 14:07:41 +00:00
rinpatch
263abe3ba5
Merge branch 'emoji-reactions-reacted' into 'develop'
...
Emoji reactions: Add `reacted` field
See merge request pleroma/pleroma!2160
2020-01-30 13:16:04 +00:00
rinpatch
889965141a
RemoteIp: only trust X-Forwarded-For
...
Our nginx config will happily pass `Forwarded`/`X-Real-IP` from the
client. Caddy, Apache and Varnish pass `X-Forwarded-For` as well anyway.
2020-01-30 00:06:58 +03:00
Haelwenn
946de2299c
Merge branch 'fix-streaming-reblog' into 'develop'
...
Streamer: Correctly handle reblog mutes
Closes #1129 and #1438
See merge request pleroma/pleroma!2156
2020-01-29 20:21:32 +00:00
Egor Kislitsyn
e07e7888d7
Fix credo warning
2020-01-29 18:53:43 +04:00
Egor Kislitsyn
2bd4d6289b
Make the warning more scarier
2020-01-29 18:43:23 +04:00
Alexander Strizhakov
e7fee0d6fa
emoji api error on not writable dir
2020-01-29 15:31:34 +03:00
lain
b3a877d6c9
Emoji Reactions: Correctly handle deleted users
2020-01-29 11:43:36 +01:00
lain
a802e07241
Emoji Reactions: Add reacted
field to emoji reactions
2020-01-29 11:39:06 +01:00