Commit graph

5021 commits

Author SHA1 Message Date
Haelwenn (lanodan) Monnier
1257331291
MastodonAPI.StatusView: Do not use site_name
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
2020-02-15 00:36:09 +01:00
rinpatch
9906c6fb6f Merge branch 'fix/mrf-transparency-disabling-federation-status' into 'develop'
NodeInfo: Fix federating status not being reported when MRF transparency is disabled

Closes #1568

See merge request pleroma/pleroma!2206
2020-02-13 18:08:43 +00:00
rinpatch
23049a077e NodeInfo: Fix federating status not being reported when MRF
transparency is disabled

Closes #1568
2020-02-13 19:53:39 +03:00
feld
b312c36b8e Merge branch 'develop' into 'fix/rename-no_attachment_links-setting'
# Conflicts:
#   config/description.exs
2020-02-13 14:37:55 +00:00
Egor Kislitsyn
19516af74e
Fix status.expires_in validation 2020-02-12 20:20:44 +04:00
Mark Felder
ff9fd4ca89 Fix the confusingly named and inverted logic of "no_attachment_links"
The setting is now simply "attachment_links" and the boolean value does
what you expect. A double negative is never possible and describing the
functionality is no longer a philospher's worst nightmare.
2020-02-11 15:39:19 -06:00
feld
237b2068f9 Revert "Merge branch 'feat/floki-fasthtml' into 'develop'"
This reverts merge request !2194
2020-02-11 16:55:18 +00:00
rinpatch
ea1631d7e6 Make Floki use fast_html 2020-02-11 16:17:21 +03:00
lain
24c526a0b1 Merge remote-tracking branch 'origin/develop' into uguu-uwu-notices-bulge 2020-02-11 13:58:36 +01:00
rinpatch
94e5ca1105 Merge branch 'issue/1383' into 'develop'
[#1383] Switch periodic jobs from quantum to oban

See merge request pleroma/pleroma!2015
2020-02-11 00:04:06 +00:00
Maksim Pechnikov
6813c0302c Merge branch 'develop' into issue/1383 2020-02-10 20:49:20 +03:00
rinpatch
c55301e760 Fix a compilation error under certain circumstances
I've noticed that sometimes when switching from develop to stable and back,
develop fails to compile and rm -r ing the _build and deps dirs doesn't
help at all.

This is due to Admin API controller needing to generate JSON description
of the config at compile time.  Evaluating `config/description.exs`
calls `Generator.list_modules_in_dir/2`, which in turn predicts the
module names of files in the directory and tries to convert the
predicted name to *existing* atoms. Sometimes the compiler will
call that function before compiling the modules in the said directory,
so the conversion will of course fail.

This fixes it by removing the requirement of the atoms being existent.
The function is not subjected to any untrusted user input so this should
be safe. An ideal fix would be to block the compilation of docs before
all modules are compiled and then get a list of compiled elixir modules
under the namespace we want instead of directory hacks, but I have not
been able to figure out how to do that.
2020-02-10 18:41:02 +03:00
lain
964b4d82a0 Merge branch 'fix/upload-limit-otp' into 'develop'
Actually fix upload limit on OTP releases

Closes #1109

See merge request pleroma/pleroma!2185
2020-02-08 14:02:36 +00:00
rinpatch
15ea75cd2a Actually fix upload limit on OTP releases
Closes #1109
2020-02-07 20:14:06 +03:00
Haelwenn
1262357ddb Merge branch 'cancel-follow-request' into 'develop'
Add support for cancellation of a follow request

Closes #1522

See merge request pleroma/pleroma!2175
2020-02-07 16:10:43 +00:00
Lain Soykaf
d85bcc8627 Questions: Add timezone to closed property 2020-02-07 16:57:46 +01:00
Lain Soykaf
4538a1ee01 EmojiReactions: Remove old API endpoints 2020-02-07 15:01:45 +01:00
Lain Soykaf
f875b9650a EmojiReactions: Add Mastodon-aligned reaction endpoints, change response 2020-02-07 14:52:13 +01:00
Egor Kislitsyn
bc2e98b200
Add User.get_follow_state/2 2020-02-07 16:17:34 +04:00
Lain Soykaf
8a79f20c21 EmojiReactions: Rename to EmojiReacts 2020-02-06 18:09:57 +01:00
feld
df0b00b32d Merge branch 'mastoapi-non-html-strings' into 'develop'
mastodon API: do not sanitize html in non-html fields

See merge request pleroma/pleroma!2167
2020-02-06 16:08:23 +00:00
Egor Kislitsyn
8b9742ecf5 Cancellation of a follow request for a remote user 2020-02-06 18:02:33 +04:00
Alexander Strizhakov
c85aa6e87f
removing confusing error 2020-02-06 12:50:36 +03:00
rinpatch
15cb1f6804 Merge branch 'fix/unpinnable-polls' into 'develop'
fix not being able to pin polls

See merge request pleroma/pleroma!2172
2020-02-05 21:04:16 +00:00
rinpatch
72d767998c Merge branch 'removing-admin-api-endpoint' into 'develop'
Removing migrate_from_db endpoint from admin api

See merge request pleroma/pleroma!2177
2020-02-05 21:03:56 +00:00
feld
b21e59da5f Merge branch 'remove-linker-scheme-option' into 'develop'
Remove AutoLinker `scheme` option from the config

See merge request pleroma/pleroma!2176
2020-02-05 20:32:45 +00:00
Alexander Strizhakov
5db6ac8ee4
removing migrate_from_db endpoint from admin api 2020-02-05 20:36:21 +03:00
Egor Kislitsyn
3909b5b7b3
Remove AutoLinker scheme option from the config 2020-02-05 21:13:56 +04:00
rinpatch
49e80a1537 Merge branch 'feature/restart-pleroma-from-outside-application' into 'develop'
Restarting pleroma from outside application

See merge request pleroma/pleroma!2144
2020-02-05 16:59:21 +00:00
Egor Kislitsyn
8c71f7e11a Add support for cancellation of a follow request 2020-02-05 20:22:15 +04:00
Maksim Pechnikov
2c40c8b4a2 Merge branch 'develop' into issue/1383 2020-02-03 21:42:36 +03:00
rinpatch
50f5a92021 fix not being able to pin polls 2020-02-02 14:55:06 +03:00
rinpatch
983a87175e mastodon API: do not sanitize html in non-html fields 2020-02-02 14:46:32 +03:00
Roman Chvanikov
8057157ee3 Make attachments cleanup optional 2020-01-31 01:20:37 +03:00
rinpatch
c27d1d65bf Merge branch 'fix/disable-rate-limiter-for-socket-localhost' into 'develop'
Disable rate limiter for socket/localhost

Closes #1380

See merge request pleroma/pleroma!2064
2020-01-30 19:24:04 +00:00
rinpatch
5b62acf6e9 Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost 2020-01-30 22:16:55 +03:00
lain
774cba84f5 Merge branch 'reenable-rate-limit-and-remote-ip' into 'develop'
Re-enable rate limiter and enable remote ip

See merge request pleroma/pleroma!2164
2020-01-30 18:47:44 +00:00
lain
a0d9d42eaa Emoji Reactions: Actually use the validation. 2020-01-30 16:07:37 +01:00
feld
e2f2602fdc Merge branch 'emoji-api-errors' into 'develop'
Emoji api error if emoji dir is not writable

Closes admin-fe#62

See merge request pleroma/pleroma!2161
2020-01-30 14:13:40 +00:00
feld
df200ea7a4 Merge branch 'http-security-warning' into 'develop'
Warn if HTTPSecurityPlug is disabled

Closes #1528

See merge request pleroma/pleroma!2155
2020-01-30 14:11:29 +00:00
feld
b3e9c87724 Update emoji_api_controller.ex 2020-01-30 14:09:41 +00:00
feld
36becd5573 Update http_security_plug.ex 2020-01-30 14:07:41 +00:00
rinpatch
263abe3ba5 Merge branch 'emoji-reactions-reacted' into 'develop'
Emoji reactions: Add `reacted` field

See merge request pleroma/pleroma!2160
2020-01-30 13:16:04 +00:00
rinpatch
889965141a RemoteIp: only trust X-Forwarded-For
Our nginx config will happily pass `Forwarded`/`X-Real-IP` from the
client. Caddy, Apache and Varnish pass `X-Forwarded-For` as well anyway.
2020-01-30 00:06:58 +03:00
Haelwenn
946de2299c Merge branch 'fix-streaming-reblog' into 'develop'
Streamer: Correctly handle reblog mutes

Closes #1129 and #1438

See merge request pleroma/pleroma!2156
2020-01-29 20:21:32 +00:00
Egor Kislitsyn
e07e7888d7
Fix credo warning 2020-01-29 18:53:43 +04:00
Egor Kislitsyn
2bd4d6289b
Make the warning more scarier 2020-01-29 18:43:23 +04:00
Alexander Strizhakov
e7fee0d6fa
emoji api error on not writable dir 2020-01-29 15:31:34 +03:00
lain
b3a877d6c9 Emoji Reactions: Correctly handle deleted users 2020-01-29 11:43:36 +01:00
lain
a802e07241 Emoji Reactions: Add reacted field to emoji reactions 2020-01-29 11:39:06 +01:00