pleroma

mirror of https://git.pleroma.social/pleroma/pleroma.git synced 2024-06-29 18:40:50 +00:00

Author	SHA1	Message	Date
tusooa	87353e5ad1	Fix config descriptions for mrf inline quote	2023-09-13 19:20:32 -04:00
tusooa	8b98a98dfb	Make InlineQuotePolicy history aware	2023-09-13 19:20:32 -04:00
tusooa	e349e92a44	Add mrf to force link tag of quoting posts	2023-09-13 19:20:30 -04:00
tusooa	479a6f11db	Keep incoming Link tag	2023-09-13 19:19:44 -04:00
tusooa	e9cd004ba1	Parse object link as quoteUrl	2023-09-13 19:19:42 -04:00
tusooa	163e563733	Allow more flexibility in InlineQuotePolicy	2023-09-13 19:19:05 -04:00
tusooa	9bcec87aba	Allow local quote and private self-quote	2023-09-13 19:19:05 -04:00
tusooa	b0a7e795e7	Unify logic for normalizing quoteUri	2023-09-13 19:19:05 -04:00
Alex Gleason	f9697e68c2	InlineQuotePolicy: skip objects which already have an .inline-quote span	2023-09-13 19:19:05 -04:00
Alex Gleason	79fca39faf	Actually, don't send _misskey_quote anymore	2023-09-13 19:19:05 -04:00
Alex Gleason	4075eecca0	InlineQuotePolicy: improve the way Markdown quotes are displayed by other software	2023-09-13 19:19:05 -04:00
Alex Gleason	817e308c0d	Handle Fedibird's new quoteUri field	2023-09-13 19:19:05 -04:00
Alex Gleason	3c8319fe9f	Transmogrifier: federate quotes with _misskey_quote field	2023-09-13 19:19:04 -04:00
Alex Gleason	cf8e425883	StatusView: return quote post inside a reblog	2023-09-13 19:19:04 -04:00
Alex Gleason	bee7e41959	InlineQuotePolicy: don't add line breaks to markdown posts	2023-09-13 19:19:04 -04:00
Alex Gleason	74e0a4555f	StatusView: add `quote_visible` param	2023-09-13 19:19:04 -04:00
Alex Gleason	6f11f11519	StatusView: fix quote visibility	2023-09-13 19:19:04 -04:00
Alex Gleason	59326247aa	CommonAPI: disallow quoting private posts through the API	2023-09-13 19:19:04 -04:00
Alex Gleason	57ef1d1211	Add InlineQuotePolicy to force quote URLs inline	2023-09-13 19:19:04 -04:00
Alex Gleason	1f19dd76f6	ActivityDraft: mix format, defensive actor ID	2023-09-13 19:19:04 -04:00
Alex Gleason	54a9897938	ActivityDraft: mention the OP of a quoted post	2023-09-13 19:19:04 -04:00
Alex Gleason	80ab2572a4	Return quote_url through the API, don't render quotes more than 1 level deep	2023-09-13 19:19:04 -04:00
Alex Gleason	5716f88a1d	InstanceView: add "quote_posting" feature	2023-09-13 19:19:03 -04:00
Alex Gleason	9600973917	mix format	2023-09-13 19:19:03 -04:00
Alex Gleason	d4fea8b559	ActivityDraft: allow quoting	2023-09-13 19:19:03 -04:00
Alex Gleason	6ac19c3999	ActivityDraft: create quote posts	2023-09-13 19:19:03 -04:00
Alex Gleason	0d9c443e51	StatusView: render the whole quoted status	2023-09-13 19:19:03 -04:00
Alex Gleason	ce5eb31723	StatusView: show quoted posts through the API, probably	2023-09-13 19:19:03 -04:00
Alex Gleason	cc4badaf60	Transmogrifier: fix quoteUrl here too	2023-09-13 19:19:03 -04:00
Alex Gleason	b022d6635d	Transmogrifier: fetch quoted post	2023-09-13 19:19:03 -04:00
Alex Gleason	795736af16	ObjectValidators: improve quoteUrl compatibility	2023-09-13 19:19:03 -04:00
Alex Gleason	31eb3dc245	ObjectValidators: accept "quoteUrl" field	2023-09-13 19:19:02 -04:00
marcin mikołajczak	28ef5ebd3c	Update InstanceView.features Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2023-09-07 15:00:24 +02:00
Mint	1afde067b1	CommonAPI: Prevent users from accessing media of other users	2023-09-03 10:41:37 +02:00
tusooa	3d09bc320e	Make lint happy	2023-08-30 20:36:52 -04:00
Haelwenn	1e685c8302	Merge branch 'csp-flash' into 'develop' allow https: so that flash works across instances without need for media proxy See merge request pleroma/pleroma!3879	2023-08-16 13:37:49 +00:00
Haelwenn	d838d1990b	Apply lanodan's suggestion(s) to 1 file(s)	2023-08-16 13:34:32 +00:00
marcin mikołajczak	79e46ce73f	InstanceView: Add common_information function Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2023-08-11 13:57:22 +02:00
marcin mikołajczak	9effa24f30	Implement api/v2/instance route Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2023-08-11 00:08:05 +02:00
mae	48b1e9bdc7	Completely disable xml entity resolution	2023-08-05 14:17:04 +02:00
Mae	ca0859b90f	Prevent XML parser from loading external entities	2023-08-04 22:35:13 -04:00
Haelwenn (lanodan) Monnier	69caedc591	instance gen: Reduce permissions of pleroma directories and config files	2023-08-04 09:50:28 +02:00
Haelwenn (lanodan) Monnier	8cc8100120	Config: Restrict permissions of OTP config file	2023-08-04 09:50:28 +02:00
Mark Felder	2c79509453	Resolve information disclosure vulnerability through emoji pack archive download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org	2023-08-04 08:40:27 +02:00
Haelwenn	819fccb7d1	Merge branch 'tusooa/3154-attachment-type-check' into 'develop' Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923	2023-08-03 10:01:32 +00:00
Faried Nawaz	e5e76ec445	cleaner ecto query to handle restrict_unauthenticated for activities This fix is for this case: config :pleroma, :restrict_unauthenticated, activities: %{local: true, remote: true}	2023-07-28 18:45:59 +05:00
faried nawaz	dc4de79d43	status context: perform visibility check on activities around a status issue #2927	2023-07-28 18:45:59 +05:00
tusooa	ea4225a646	Restrict attachments to only uploaded files only	2023-07-18 18:39:59 -04:00
Haelwenn	93ad16cca0	Merge branch '2023-06-deps-update' into 'develop' 2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911	2023-07-17 20:37:47 +00:00
tusooa	1459d64508	Make regex-to-string descriptor reusable	2023-07-07 07:09:35 -04:00
tusooa	ba3aa4f86d	Fix edge cases	2023-07-07 06:58:32 -04:00
tusooa	ef8a6c539a	Make EmojiPolicy aware of custom emoji reactions	2023-07-07 06:58:31 -04:00
tusooa	20d193c91d	Improve config examples for EmojiPolicy	2023-07-07 06:58:31 -04:00
tusooa	f50422c380	Move emoji_policy.ex to the right place	2023-07-07 06:58:31 -04:00
tusooa	7eb8abf7bb	EmojiPolicy: Implement delist	2023-07-07 06:58:31 -04:00
tusooa	80ce6482f6	EmojiPolicy: implement remove by shortcode	2023-07-07 06:58:31 -04:00
tusooa	28ff828caa	Add emoji policy to remove emojis matching certain urls https://git.pleroma.social/pleroma/pleroma/-/issues/2775	2023-07-07 06:58:22 -04:00
Haelwenn (lanodan) Monnier	3d79ceb23a	Deprecate audio scrobbling	2023-07-04 03:40:11 +02:00
Haelwenn	a31a4c522f	Merge branch 'tusooa/3131-handle-report-from-deactivated-user' into 'develop' Fix handling report from a deactivated user Closes #3131 See merge request pleroma/pleroma!3915	2023-07-02 21:27:15 +00:00
tusooa	6e4de2383f	Fix handling report from a deactivated user	2023-07-02 11:15:34 -04:00
tusooa	a1621839cc	Fix user fetch completely broken if featured collection is not in a supported form	2023-07-02 11:03:09 -04:00
tusooa	48e490cd58	Merge branch 'bugfix/full-revert-media-host-validation' into 'develop' Merge Revert "Merge branch 'validate-host' into 'develop'" Closes #3136 See merge request pleroma/pleroma!3909	2023-07-01 21:54:18 +00:00
Haelwenn	043a00991d	Merge branch 'instance-nodeinfo-metadata' into 'develop' instances: Store some metadata based on NodeInfo See merge request pleroma/pleroma!3853	2023-06-27 18:58:04 +00:00
Haelwenn	ae0ca49451	Merge branch 'tusooa/3119-bio-update' into 'develop' Show more informative errors when profile exceeds char limits Closes #3119 See merge request pleroma/pleroma!3886	2023-06-27 18:49:43 +00:00
Haelwenn	41f2ee69a8	Merge branch 'from/upstream-develop/tusooa/backup-status' into 'develop' Detail backup states Closes #3024 See merge request pleroma/pleroma!3809	2023-06-27 12:08:11 +00:00
Haelwenn (lanodan) Monnier	d7e049d5e8	router: Fix usage of globs warning: doing a prefix match with globs is deprecated, invalid segment "pleromapath". You can either replace by a single segment match: /foo/bar-:var Or by mixing single segment match with globs: /foo/bar-:var/rest	2023-06-27 10:42:10 +02:00
Haelwenn (lanodan) Monnier	3a67b8f287	endpoint: Use custom Multipart module for dynamic configuration	2023-06-27 10:41:25 +02:00
Haelwenn (lanodan) Monnier	dd9f8150fc	Merge Revert "Merge branch 'validate-host' into 'develop'" This reverts commit `d998a114e2`, reversing changes made to `da6b4003ac`.	2023-06-22 21:28:25 +02:00
Sean King	a5a354a36e	Prevent bypassing authorized fetch mode with a json file	2023-06-21 23:10:56 -06:00
lain	4e6ea7cc91	Merge branch 'tusooa/3054-banned-delete' into 'develop' Fix deleting banned users' statuses See merge request pleroma/pleroma!3889	2023-06-11 13:17:12 +00:00
Lain Soykaf	6611c6ce4e	B ForceMentionsInContent: Fix test, refactor.	2023-06-11 16:45:31 +04:00
Lain Soykaf	55dd8ef1c7	Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into pleroma-double_mentions	2023-06-11 16:31:20 +04:00
lain	16313af7eb	Merge branch 'fix/metadata-tags' into 'develop' static frontend: fix meta tags See merge request pleroma/pleroma!3885	2023-06-11 11:57:16 +00:00
lain	1f4618d64b	Merge branch 'cleanup/ostatus-user-upgrade' into 'develop' Cleanup OStatus-era user upgrades and ap_enabled indicator See merge request pleroma/pleroma!3880	2023-06-11 11:13:57 +00:00
feld	75900f21f0	Merge branch 'revert-mediaproxy-host-validation' into 'develop' Revert MediaProxy Host header validation See merge request pleroma/pleroma!3902	2023-06-11 11:10:51 +00:00
lain	1db29f734f	Merge branch 'fep-fffd-url' into 'develop' CommonFields: Use BareUri for :url Closes #3121 See merge request pleroma/pleroma!3884	2023-06-11 11:02:39 +00:00
Mark Felder	fadcd7f1a9	Revert MediaProxy Host header validation Something is going wrong here even though the tests are correct.	2023-06-07 09:19:22 -04:00
Mark Felder	63ef1dcedc	Phoenix.Router.routes/1 is the public function we are meant to be using here	2023-06-03 14:17:49 -04:00
Lain Soykaf	cbc5b8cebd	B Preload: Make sure that the preloaded json is html safe	2023-06-02 17:03:21 +04:00
Mark Felder	f0e5f0e837	Fix compile warning warning: doing a prefix match with globs is deprecated, invalid segment "pleroma*path"	2023-05-31 22:23:36 +00:00
Mark Felder	2b8bbb288c	Phoenix.Socket.Transport.force_ssl/4 no longer exists	2023-05-31 22:11:17 +00:00
Mark Felder	62322f71e2	Clean up Plug.Parsers.MULTIPART deprecation warnings There is no need to the length setting to :multipart. The length setting is global for all of the parsers.	2023-05-31 16:22:40 -04:00
Mark Felder	ffee478ed0	Move websocket config for Shoutbox to the Endpoint This is the modern way of configuring it	2023-05-31 15:30:58 -04:00
Mark Felder	e3110cb34e	Fix deprecated calls to get_flash/2	2023-05-31 13:36:21 -04:00
Haelwenn	d998a114e2	Merge branch 'validate-host' into 'develop' Validate Host header for MediaProxy and Uploads See merge request pleroma/pleroma!3896	2023-05-31 00:50:01 +00:00
Mark Felder	b3c3bd99c3	Switch from serving a 400 to a 302	2023-05-30 16:56:09 -04:00
Mark Felder	9caa0b0be1	Add OnlyMedia Upload Filter to simplify restricting uploads to audio, image, and video types	2023-05-29 15:49:04 -04:00
Mark Felder	da7394f33b	Fix unused assignment	2023-05-29 15:09:31 -04:00
Mark Felder	a60dd0d92d	Validate Host header matches expected value before allowing access to Uploads	2023-05-29 14:16:03 -04:00
Mark Felder	843fcca5b4	Validate Host header matches expected value before allowing access to MediaProxy	2023-05-29 13:59:51 -04:00
faried nawaz	8b390d27dc	twitter card: handle case where image has no alt text	2023-05-29 02:52:49 +05:00
faried nawaz	52368e6702	fix meta tag for twitter cards and image attachments The name of the tag should be twitter:image, not twitter:player. Also, add twitter:image:alt meta tags.	2023-05-29 02:52:49 +05:00
faried nawaz	b6b7de2010	add url to Metadata.build_tags call If static_fe is enabled, going to https://pleroma/notice/some-id results in <meta content="https://pleroma/users/someuser" property="og:url"> With this fix, it is <meta content="https://pleroma/notice/some-id" property="og:url"> Additionally, Pleroma.Web.Metadata.Providers.OpenGraph now generates meta tags for attachments in the post.	2023-05-29 02:52:41 +05:00
Haelwenn (lanodan) Monnier	869f0d24a6	Merge branch 'release/2.5.2' into mergeback/2.5.2	2023-05-26 23:47:50 +02:00
Mark Felder	4505bc1e58	Filter OEmbed HTML tags	2023-05-26 19:56:36 +02:00
Mark Felder	0d68804aa7	Filter OEmbed HTML tags	2023-05-26 19:54:24 +02:00
tusooa	d0c2e0830b	Enforce unauth restrictions for public streaming endpoints	2023-05-26 19:24:08 +02:00
Haelwenn	b36263e5ff	Merge branch 'issue/3126' into 'develop' MediaProxyController: Apply CSP sandbox See merge request pleroma/pleroma!3890	2023-05-26 19:24:08 +02:00
Haelwenn	4339230f64	Merge branch 'tusooa/fix-object-test' into 'develop' Fix ObjectTest See merge request pleroma/pleroma!3887	2023-05-26 19:24:08 +02:00
Haelwenn	72833c84b5	Merge branch 'tusooa/rework-refetch' into 'develop' Make sure object refetching follows update rules See merge request pleroma/pleroma!3883	2023-05-26 19:24:08 +02:00
Mark Felder	38bcf6b19e	MediaProxyController: Apply CSP sandbox	2023-05-26 12:34:01 -04:00
Zero	279fd47b48	ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts The code checked for duplicates using "ap_id", but in Mastodon and Misskey the look like that: Mastodon: https://mastodon.example.com/users/roger Misskey: https:///misskey.example.com/users/104ab42f11 The fix is to also check for "uri", which is what will be in the "explicitly_mentioned_uris" list: Mastodon: https://mastodon.example.com/@roger Misskey: https://misskey.example.com/@roger	2023-05-26 12:30:19 -04:00
tusooa	1fa196d8f7	Fix deleting banned users' statuses	2023-05-25 19:00:38 -04:00
tusooa	2c66f584b5	Show more informative errors when profile exceeds char limits	2023-05-25 08:22:33 -04:00
tusooa	819a82da99	Fix unused variable	2023-05-22 08:19:58 -04:00
tusooa	505e58d4eb	Fix ObjectTest	2023-05-22 08:14:20 -04:00
Haelwenn	0524e66a05	Merge branch 'accept-tags-2.5' into 'develop' TagValidator: Drop unrecognized Tag types Closes #2952 See merge request pleroma/pleroma!3823	2023-05-17 19:04:51 +00:00
Haelwenn	ce1c0f75cd	Merge branch 'tusooa/3065-scopes' into 'develop' OAuth scopes descriptions Closes #3065 See merge request pleroma/pleroma!3848	2023-05-17 18:51:26 +00:00
Haelwenn (lanodan) Monnier	a5066bb078	CommonFields: Use BareUri for :url Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3121	2023-05-17 17:25:46 +02:00
Haelwenn (lanodan) Monnier	fb3335ffe2	EctoType: Add BareUri	2023-05-17 17:14:38 +02:00
tusooa	e170fc40dd	Fix build warning	2023-05-09 21:38:28 -04:00
tusooa	be5c5118cb	Make sure object refetching follows update rules	2023-05-09 21:04:27 -04:00
Henry Jameson	2a07411b0c	keep the websocket url for all modes	2023-05-07 15:34:17 +03:00
Henry Jameson	f50fd9278f	reduce redundant reduntancy reduction	2023-05-07 15:29:19 +03:00
Henry Jameson	f8ef4924ec	fix whitespace	2023-05-07 15:24:09 +03:00
Henry Jameson	c0d11da2d8	conditionally set csp depnding on media-proxy state	2023-05-07 15:16:30 +03:00
Haelwenn (lanodan) Monnier	fcd49e3985	User: Remove ap_enabled field	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	238edc30de	User: Remove ap_enabled?/1	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	9dfa1c4be0	ActivityPub: Mark fetch_and_prepare_user_from_ap_id/1 as private	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	8181be89a2	Federator: Stop using ap_enabled?/1	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	e17265a7a2	TransmogrifierWorker: Remove obsolete worker	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	2ee483ba41	Transmogrifier: Remove upgrade_user_from_ap_id	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	3962253cf1	Publisher: Stop filtering via ap_enabled?/1	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	606f78f5e5	ActivityPub: Stop relying on ap_enabled and upgrade_user_from_ap_id	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	0903c41645	User: Stop relying on ap_enabled	2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier	4fd96b24ae	AddRemoveValidator: Use User.fetch_by_ap_id instead of upgrade_user_from_ap_id	2023-05-05 11:11:26 +02:00
tusooa	6d0ebccdb0	Make webui use translated scope descriptions	2023-05-02 16:32:33 -04:00
tusooa	85bdbb102e	Add extraction process for oauth scopes	2023-05-02 16:32:10 -04:00
HJ	675639225a	allow https: so that flash works across instances without need for media proxy	2023-04-28 11:13:42 +00:00
tusooa	248f914e6e	Merge branch 'list-installed-frontends' into 'develop' List installed frontend refs in admin API See merge request pleroma/pleroma!3862	2023-04-27 02:56:19 +00:00
tusooa	ddf57596be	Merge branch 'bugfix/content-disposition' into 'develop' UploadedMedia: Add missing disposition_type to Content-Disposition Closes #3114 See merge request pleroma/pleroma!3873	2023-04-26 15:39:20 +00:00
duponin	0231a09310	Remove SSH/BBS feature from core And link to sshocial, the replacement client for this removed feature	2023-04-23 10:47:07 +02:00
Haelwenn (lanodan) Monnier	2148ef5e2f	UploadedMedia: Increase readability via ~s sigil	2023-04-18 00:12:42 +02:00
Haelwenn (lanodan) Monnier	8f0f58e28b	UploadedMedia: Add missing disposition_type to Content-Disposition Set it to `inline` because the vast majority of what's sent is multimedia content while `attachment` would have the side-effect of triggering a download dialog. Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114	2023-04-18 00:09:19 +02:00
Haelwenn	3867b52aef	Merge branch 'tusooa/3027-dedupe-poll' into 'develop' Dedupe poll options Closes #3027 See merge request pleroma/pleroma!3860	2023-04-13 08:40:04 +00:00
Ekaterina Vaartis	6a63dced4a	Fix tests for frontend installation	2023-03-30 19:25:35 +03:00
Haelwenn	e4288df502	Merge branch 'background-timeout' into 'develop' Set background worker timeout to 15 minutes See merge request pleroma/pleroma!3857	2023-03-30 12:48:35 +02:00
tusooa	40f14fd31c	Merge branch 'remove-crypt' into 'develop' Remove crypt(3) support Closes #3030 and #3062 See merge request pleroma/pleroma!3847	2023-03-30 12:47:36 +02:00
Haelwenn	937df7e465	Merge branch 'fix/tag-feed-crashes' into 'develop' fix: atom/rss feed issues Closes #3045 See merge request pleroma/pleroma!3851	2023-03-30 12:46:35 +02:00
Haelwenn	d640df3927	Merge branch 'fix/static-fe-feed-500' into 'develop' fix: remove static_fe pipeline for /users/:nickname/feed See merge request pleroma/pleroma!3852	2023-03-30 12:45:39 +02:00
Haelwenn	22b72cd6b8	Merge branch 'tusooa/oban-common-pipeline' into 'develop' Stop oban from retrying if validating errors occur when processing incoming data See merge request pleroma/pleroma!3844	2023-03-30 12:43:58 +02:00
Ekaterina Vaartis	3037d2780c	Also list frontends that are not in the config file	2023-03-30 11:16:40 +03:00
Ekaterina Vaartis	d3b27d45a9	List installed frontend refs in admin API	2023-03-29 23:23:06 +03:00
tusooa	c5d946bc92	Fix emoji reactions for legacy 2-tuple formats	2023-03-26 15:12:40 -04:00
tusooa	10930f7507	Dedupe poll options	2023-03-25 23:20:07 -04:00
Haelwenn	6d0cc8fa2a	Merge branch 'features/image-object' into 'develop' Add support for Image objects Closes #1581 See merge request pleroma/pleroma!3145	2023-03-25 06:35:55 +00:00
anemone	f463b7570e	Set background worker timeout to 15 minutes	2023-03-23 23:14:52 -07:00
Haelwenn (lanodan) Monnier	9a2523a09a	instances: Store some metadata based on NodeInfo	2023-03-16 09:02:20 +01:00
Haelwenn	353538d16c	Merge branch 'pleroma-akkoma-emoji-port' into 'develop' Custom emoji reactions support See merge request pleroma/pleroma!3845	2023-03-16 08:00:00 +00:00
Haelwenn	c3600b6104	Merge branch 'feat/fields-rel-me-tag' into 'develop' feat: build rel me tags with profile fields See merge request pleroma/pleroma!3850	2023-03-16 07:53:27 +00:00

1 2 3 4 5 ...

9235 commits