pleroma

mirror of https://git.pleroma.social/pleroma/pleroma.git synced 2024-06-26 09:00:45 +00:00

Author	SHA1	Message	Date
tusooa	8596f92654	Fix TransmogrifierTest	2023-09-13 19:20:32 -04:00
tusooa	e349e92a44	Add mrf to force link tag of quoting posts	2023-09-13 19:20:30 -04:00
tusooa	479a6f11db	Keep incoming Link tag	2023-09-13 19:19:44 -04:00
tusooa	e9cd004ba1	Parse object link as quoteUrl	2023-09-13 19:19:42 -04:00
tusooa	163e563733	Allow more flexibility in InlineQuotePolicy	2023-09-13 19:19:05 -04:00
tusooa	762794eed9	Fix CommonAPITest	2023-09-13 19:19:05 -04:00
tusooa	9bcec87aba	Allow local quote and private self-quote	2023-09-13 19:19:05 -04:00
Alex Gleason	f9697e68c2	InlineQuotePolicy: skip objects which already have an .inline-quote span	2023-09-13 19:19:05 -04:00
Alex Gleason	79fca39faf	Actually, don't send _misskey_quote anymore	2023-09-13 19:19:05 -04:00
Alex Gleason	4075eecca0	InlineQuotePolicy: improve the way Markdown quotes are displayed by other software	2023-09-13 19:19:05 -04:00
Alex Gleason	817e308c0d	Handle Fedibird's new quoteUri field	2023-09-13 19:19:05 -04:00
Alex Gleason	3c8319fe9f	Transmogrifier: federate quotes with _misskey_quote field	2023-09-13 19:19:04 -04:00
Alex Gleason	cf8e425883	StatusView: return quote post inside a reblog	2023-09-13 19:19:04 -04:00
Alex Gleason	bee7e41959	InlineQuotePolicy: don't add line breaks to markdown posts	2023-09-13 19:19:04 -04:00
Alex Gleason	74e0a4555f	StatusView: add `quote_visible` param	2023-09-13 19:19:04 -04:00
Alex Gleason	6f11f11519	StatusView: fix quote visibility	2023-09-13 19:19:04 -04:00
Alex Gleason	59326247aa	CommonAPI: disallow quoting private posts through the API	2023-09-13 19:19:04 -04:00
Alex Gleason	57ef1d1211	Add InlineQuotePolicy to force quote URLs inline	2023-09-13 19:19:04 -04:00
Alex Gleason	1f19dd76f6	ActivityDraft: mix format, defensive actor ID	2023-09-13 19:19:04 -04:00
Alex Gleason	54a9897938	ActivityDraft: mention the OP of a quoted post	2023-09-13 19:19:04 -04:00
Alex Gleason	80ab2572a4	Return quote_url through the API, don't render quotes more than 1 level deep	2023-09-13 19:19:04 -04:00
Alex Gleason	f4ccdfd503	Fix typos	2023-09-13 19:19:03 -04:00
Alex Gleason	cbd1760efa	TransmogrifierTest: prepare an outgoing quote post	2023-09-13 19:19:03 -04:00
Alex Gleason	3a8b5d90df	StatusControllerTest: test creating a quote post	2023-09-13 19:19:03 -04:00
Alex Gleason	c20e90e898	BuilderTest: build quote post	2023-09-13 19:19:03 -04:00
Alex Gleason	d4fea8b559	ActivityDraft: allow quoting	2023-09-13 19:19:03 -04:00
Alex Gleason	0d9c443e51	StatusView: render the whole quoted status	2023-09-13 19:19:03 -04:00
Alex Gleason	b022d6635d	Transmogrifier: fetch quoted post	2023-09-13 19:19:03 -04:00
Alex Gleason	795736af16	ObjectValidators: improve quoteUrl compatibility	2023-09-13 19:19:03 -04:00
Alex Gleason	7deda1fa18	Quote post: add fixtures	2023-09-13 19:19:02 -04:00
Mint	1afde067b1	CommonAPI: Prevent users from accessing media of other users	2023-09-03 10:41:37 +02:00
mae	48b1e9bdc7	Completely disable xml entity resolution	2023-08-05 14:17:04 +02:00
FloatingGhost	307692cee8	Add unit test for external entity loading	2023-08-05 08:14:27 +02:00
Haelwenn (lanodan) Monnier	65ef8f19c5	release_runtime_provider_test: chmod config for hardened permissions Git doesn't manages file permissions precisely enough for us.	2023-08-04 09:50:28 +02:00
Mark Felder	2c79509453	Resolve information disclosure vulnerability through emoji pack archive download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org	2023-08-04 08:40:27 +02:00
Haelwenn	819fccb7d1	Merge branch 'tusooa/3154-attachment-type-check' into 'develop' Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923	2023-08-03 10:01:32 +00:00
faried nawaz	dc4de79d43	status context: perform visibility check on activities around a status issue #2927	2023-07-28 18:45:59 +05:00
tusooa	ea4225a646	Restrict attachments to only uploaded files only	2023-07-18 18:39:59 -04:00
tusooa	1459d64508	Make regex-to-string descriptor reusable	2023-07-07 07:09:35 -04:00
tusooa	ba3aa4f86d	Fix edge cases	2023-07-07 06:58:32 -04:00
tusooa	d670dbdbd3	Test that unicode emoji reactions are not affected	2023-07-07 06:58:32 -04:00
tusooa	ef8a6c539a	Make EmojiPolicy aware of custom emoji reactions	2023-07-07 06:58:31 -04:00
tusooa	7eb8abf7bb	EmojiPolicy: Implement delist	2023-07-07 06:58:31 -04:00
tusooa	80ce6482f6	EmojiPolicy: implement remove by shortcode	2023-07-07 06:58:31 -04:00
tusooa	28ff828caa	Add emoji policy to remove emojis matching certain urls https://git.pleroma.social/pleroma/pleroma/-/issues/2775	2023-07-07 06:58:22 -04:00
Haelwenn	0262916978	Merge branch 'testfix/system-config-use' into 'develop' release_runtime_provider_test: Explicitely use non-existant config file See merge request pleroma/pleroma!3910	2023-07-02 21:28:15 +00:00
Haelwenn	a31a4c522f	Merge branch 'tusooa/3131-handle-report-from-deactivated-user' into 'develop' Fix handling report from a deactivated user Closes #3131 See merge request pleroma/pleroma!3915	2023-07-02 21:27:15 +00:00
tusooa	6e4de2383f	Fix handling report from a deactivated user	2023-07-02 11:15:34 -04:00
tusooa	a1621839cc	Fix user fetch completely broken if featured collection is not in a supported form	2023-07-02 11:03:09 -04:00
tusooa	48e490cd58	Merge branch 'bugfix/full-revert-media-host-validation' into 'develop' Merge Revert "Merge branch 'validate-host' into 'develop'" Closes #3136 See merge request pleroma/pleroma!3909	2023-07-01 21:54:18 +00:00

1 2 3 4 5 ...

5874 commits