Fix IDN domains not being rendered correctly in a few left-over places (#17848)

2022-03-22 10:07:11 +01:00 · 2022-03-22 10:07:11 +01:00 · 392b367835
parent 4e9855e09a
commit 392b367835
27 changed files with 79 additions and 59 deletions
--- a/app/views/accounts/_moved.html.haml
+++ b/app/views/accounts/_moved.html.haml
@ -3,7 +3,7 @@
 .moved-account-widget
  .moved-account-widget__message
    = fa_icon 'suitcase'
-    = t('accounts.moved_html', name: content_tag(:bdi, content_tag(:strong, display_name(account, custom_emojify: true), class: :emojify)), new_profile_link: link_to(content_tag(:strong, safe_join(['@', content_tag(:span, moved_to_account.acct)])), ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'mention'))
+    = t('accounts.moved_html', name: content_tag(:bdi, content_tag(:strong, display_name(account, custom_emojify: true), class: :emojify)), new_profile_link: link_to(content_tag(:strong, safe_join(['@', content_tag(:span, moved_to_account.pretty_acct)])), ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'mention'))

  .moved-account-widget__card
    = link_to ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'detailed-status__display-name p-author h-card', target: '_blank', rel: 'me noopener noreferrer' do
@ -17,4 +17,4 @@
      %span.display-name
        %bdi
          %strong.emojify= display_name(moved_to_account, custom_emojify: true)
-        %span @#{moved_to_account.acct}
+        %span @#{moved_to_account.pretty_acct}
--- a/app/views/admin/account_actions/new.html.haml
+++ b/app/views/admin/account_actions/new.html.haml
@ -1,11 +1,11 @@
 - content_for :page_title do
-  = t('admin.account_actions.title', acct: @account.acct)
+  = t('admin.account_actions.title', acct: @account.pretty_acct)

 = simple_form_for @account_action, url: admin_account_action_path(@account.id) do |f|
  = f.input :report_id, as: :hidden

  .fields-group
-    = f.input :type, as: :radio_buttons, collection: Admin::AccountAction.types_for_account(@account), include_blank: false, wrapper: :with_block_label, label_method: ->(type) { safe_join([I18n.t("simple_form.labels.admin_account_action.types.#{type}"), content_tag(:span, I18n.t("simple_form.hints.admin_account_action.types.#{type}"), class: 'hint')])}, hint: t('simple_form.hints.admin_account_action.type_html', acct: @account.acct)
+    = f.input :type, as: :radio_buttons, collection: Admin::AccountAction.types_for_account(@account), include_blank: false, wrapper: :with_block_label, label_method: ->(type) { safe_join([I18n.t("simple_form.labels.admin_account_action.types.#{type}"), content_tag(:span, I18n.t("simple_form.hints.admin_account_action.types.#{type}"), class: 'hint')])}, hint: t('simple_form.hints.admin_account_action.type_html', acct: @account.pretty_acct)

  - if @account.local?
    %hr.spacer/
--- a/app/views/admin/account_warnings/_account_warning.html.haml
+++ b/app/views/admin/account_warnings/_account_warning.html.haml
@ -5,7 +5,7 @@
        = fa_icon 'warning'
    .log-entry__content
      .log-entry__title
-        = t(account_warning.action, scope: 'admin.strikes.actions', name: content_tag(:span, account_warning.account.username, class: 'username'), target: content_tag(:span, account_warning.target_account.acct, class: 'target')).html_safe
+        = t(account_warning.action, scope: 'admin.strikes.actions', name: content_tag(:span, account_warning.account.username, class: 'username'), target: content_tag(:span, account_warning.target_account.pretty_acct, class: 'target')).html_safe
      .log-entry__timestamp
        %time.formatted{ datetime: account_warning.created_at.iso8601 }
          = l(account_warning.created_at)
--- a/app/views/admin/accounts/show.html.haml
+++ b/app/views/admin/accounts/show.html.haml
@ -1,5 +1,5 @@
 - content_for :page_title do
-  = @account.acct
+  = @account.pretty_acct

 - if @account.instance_actor?
  .flash-message.notice
--- a/app/views/admin/change_emails/show.html.haml
+++ b/app/views/admin/change_emails/show.html.haml
@ -1,5 +1,5 @@
 - content_for :page_title do
-  = t('admin.accounts.change_email.title', username: @account.acct)
+  = t('admin.accounts.change_email.title', username: @account.username)

 = simple_form_for @user, url: admin_account_change_email_path(@account.id) do |f|
  .fields-group
--- a/app/views/admin/disputes/appeals/_appeal.html.haml
+++ b/app/views/admin/disputes/appeals/_appeal.html.haml
@ -4,7 +4,7 @@
      = image_tag appeal.account.avatar.url(:original), alt: '', width: 40, height: 40, class: 'avatar'
    .log-entry__content
      .log-entry__title
-        = t(appeal.strike.action, scope: 'admin.strikes.actions', name: content_tag(:span, appeal.strike.account.username, class: 'username'), target: content_tag(:span, appeal.account.acct, class: 'target')).html_safe
+        = t(appeal.strike.action, scope: 'admin.strikes.actions', name: content_tag(:span, appeal.strike.account.username, class: 'username'), target: content_tag(:span, appeal.account.username, class: 'target')).html_safe
      .log-entry__timestamp
        %time.formatted{ datetime: appeal.strike.created_at.iso8601 }
          = l(appeal.strike.created_at)
--- a/app/views/admin/relationships/index.html.haml
+++ b/app/views/admin/relationships/index.html.haml
@ -1,5 +1,5 @@
 - content_for :page_title do
-  = t('admin.relationships.title', acct: @account.acct)
+  = t('admin.relationships.title', acct: @account.pretty_acct)

 .filters
  .filter-subset
--- a/app/views/admin/statuses/index.html.haml
+++ b/app/views/admin/statuses/index.html.haml
@ -4,7 +4,7 @@
 - content_for :page_title do
  = t('admin.statuses.title')
  \-
-  = "@#{@account.acct}"
+  = "@#{@account.pretty_acct}"

 .filters
  .filter-subset
--- a/app/views/admin_mailer/new_report.text.erb
+++ b/app/views/admin_mailer/new_report.text.erb
@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>

-<%= raw(@report.account.local? ? t('admin_mailer.new_report.body', target: @report.target_account.acct, reporter: @report.account.acct) : t('admin_mailer.new_report.body_remote', target: @report.target_account.acct, domain: @report.account.domain)) %>
+<%= raw(@report.account.local? ? t('admin_mailer.new_report.body', target: @report.target_account.pretty_acct, reporter: @report.account.pretty_acct) : t('admin_mailer.new_report.body_remote', target: @report.target_account.acct, domain: @report.account.domain)) %>

 <%= raw t('application_mailer.view')%> <%= admin_report_url(@report) %>
--- a/app/views/auth/registrations/_status.html.haml
+++ b/app/views/auth/registrations/_status.html.haml
@ -7,7 +7,7 @@
    = t('auth.status.pending')
 - elsif @user.account.moved_to_account_id.present?
  .flash-message.warning
-    = t('auth.status.redirecting_to', acct: @user.account.moved_to_account.acct)
+    = t('auth.status.redirecting_to', acct: @user.account.moved_to_account.pretty_acct)
    = link_to t('migrations.cancel'), settings_migration_path

 %h3= t('auth.status.account_status')
--- a/app/views/authorize_interactions/show.html.haml
+++ b/app/views/authorize_interactions/show.html.haml
@ -1,5 +1,5 @@
 - content_for :page_title do
-  = t('authorize_follow.title', acct: @resource.acct)
+  = t('authorize_follow.title', acct: @resource.pretty_acct)

 .form-container
  .follow-prompt
--- a/app/views/authorize_interactions/success.html.haml
+++ b/app/views/authorize_interactions/success.html.haml
@ -1,5 +1,5 @@
 - content_for :page_title do
-  = t('authorize_follow.title', acct: @resource.acct)
+  = t('authorize_follow.title', acct: @resource.pretty_acct)

 .form-container
  .follow-prompt
--- a/app/views/notification_mailer/_status.html.haml
+++ b/app/views/notification_mailer/_status.html.haml
@ -23,7 +23,7 @@
                                      = image_tag full_asset_url(status.account.avatar.url), alt:''
                                    %td{ align: 'left' }
                                      %bdi= display_name(status.account)
-                                      = "@#{status.account.acct}"
+                                      = "@#{status.account.pretty_acct}"

                              - if status.spoiler_text?
                                %div.auto-dir
--- a/app/views/notification_mailer/digest.text.erb
+++ b/app/views/notification_mailer/digest.text.erb
@ -3,7 +3,7 @@
 <%= raw t('notification_mailer.digest.body', since: l(@me.user_current_sign_in_at || @since), instance: root_url) %>
 <% @notifications.each do |notification| %>

-* <%= raw t('notification_mailer.digest.mention', name: notification.from_account.acct) %>
+* <%= raw t('notification_mailer.digest.mention', name: notification.from_account.pretty_acct) %>

  <%= raw Formatter.instance.plaintext(notification.target_status) %>

--- a/app/views/notification_mailer/favourite.html.haml
+++ b/app/views/notification_mailer/favourite.html.haml
@ -20,7 +20,7 @@
                                      = image_tag full_pack_url('media/images/mailer/icon_grade.png'), alt:''

                              %h1= t 'notification_mailer.favourite.title'
-                              %p.lead= t('notification_mailer.favourite.body', name: @account.acct)
+                              %p.lead= t('notification_mailer.favourite.body', name: @account.pretty_acct)

 = render 'status', status: @status

--- a/app/views/notification_mailer/favourite.text.erb
+++ b/app/views/notification_mailer/favourite.text.erb
@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>

-<%= raw t('notification_mailer.favourite.body', name: @account.acct) %>
+<%= raw t('notification_mailer.favourite.body', name: @account.pretty_acct) %>

 <%= render 'status', status: @status %>
--- a/app/views/notification_mailer/follow.html.haml
+++ b/app/views/notification_mailer/follow.html.haml
@ -20,7 +20,7 @@
                                      = image_tag full_pack_url('media/images/mailer/icon_person_add.png'), alt: ''

                              %h1= t 'notification_mailer.follow.title'
-                              %p.lead= t('notification_mailer.follow.body', name: @account.acct)
+                              %p.lead= t('notification_mailer.follow.body', name: @account.pretty_acct)

 %table.email-table{ cellspacing: 0, cellpadding: 0 }
  %tbody
--- a/app/views/notification_mailer/follow.text.erb
+++ b/app/views/notification_mailer/follow.text.erb
@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>

-<%= raw t('notification_mailer.follow.body', name: @account.acct) %>
+<%= raw t('notification_mailer.follow.body', name: @account.pretty_acct) %>

 <%= raw t('application_mailer.view')%> <%= web_url("accounts/#{@account.id}") %>
--- a/app/views/notification_mailer/follow_request.html.haml
+++ b/app/views/notification_mailer/follow_request.html.haml
@ -20,7 +20,7 @@
                                      = image_tag full_pack_url('media/images/mailer/icon_person_add.png'), alt: ''

                              %h1= t 'notification_mailer.follow_request.title'
-                              %p.lead= t('notification_mailer.follow_request.body', name: @account.acct)
+                              %p.lead= t('notification_mailer.follow_request.body', name: @account.pretty_acct)

 %table.email-table{ cellspacing: 0, cellpadding: 0 }
  %tbody
--- a/app/views/notification_mailer/follow_request.text.erb
+++ b/app/views/notification_mailer/follow_request.text.erb
@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>

-<%= raw t('notification_mailer.follow_request.body', name: @account.acct) %>
+<%= raw t('notification_mailer.follow_request.body', name: @account.pretty_acct) %>

 <%= raw t('application_mailer.view')%> <%= web_url("follow_requests") %>
--- a/app/views/notification_mailer/mention.html.haml
+++ b/app/views/notification_mailer/mention.html.haml
@ -20,7 +20,7 @@
                                      = image_tag full_pack_url('media/images/mailer/icon_reply.png'), alt: ''

                              %h1= t 'notification_mailer.mention.title'
-                              %p.lead= t('notification_mailer.mention.body', name: @status.account.acct)
+                              %p.lead= t('notification_mailer.mention.body', name: @status.account.pretty_acct)

 = render 'status', status: @status

--- a/app/views/notification_mailer/mention.text.erb
+++ b/app/views/notification_mailer/mention.text.erb
@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>

-<%= raw t('notification_mailer.mention.body', name: @status.account.acct) %>
+<%= raw t('notification_mailer.mention.body', name: @status.account.pretty_acct) %>

 <%= render 'status', status: @status %>
--- a/app/views/notification_mailer/reblog.html.haml
+++ b/app/views/notification_mailer/reblog.html.haml
@ -20,7 +20,7 @@
                                      = image_tag full_pack_url('media/images/mailer/icon_cached.png'), alt: ''

                              %h1= t 'notification_mailer.reblog.title'
-                              %p.lead= t('notification_mailer.reblog.body', name: @account.acct)
+                              %p.lead= t('notification_mailer.reblog.body', name: @account.pretty_acct)

 = render 'status', status: @status

--- a/app/views/notification_mailer/reblog.text.erb
+++ b/app/views/notification_mailer/reblog.text.erb
@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>

-<%= raw t('notification_mailer.reblog.body', name: @account.acct) %>
+<%= raw t('notification_mailer.reblog.body', name: @account.pretty_acct) %>

 <%= render 'status', status: @status %>
--- a/app/views/settings/aliases/index.html.haml
+++ b/app/views/settings/aliases/index.html.haml
@ -29,5 +29,5 @@
      - else
        - @aliases.each do |account_alias|
          %tr
-            %td= account_alias.acct
+            %td= account_alias.pretty_acct
            %td= table_link_to 'trash', t('aliases.remove'), settings_alias_path(account_alias), data: { method: :delete }
--- a/app/views/settings/migrations/show.html.haml
+++ b/app/views/settings/migrations/show.html.haml
@ -8,7 +8,7 @@
        = render 'application/card', account: current_account.moved_to_account
      .fields-row__column.fields-group.fields-row__column-6
        %p.hint
-          %span.positive-hint= t('migrations.redirecting_to', acct: current_account.moved_to_account.acct)
+          %span.positive-hint= t('migrations.redirecting_to', acct: current_account.moved_to_account.pretty_acct)

        %p.hint= t('migrations.cancel_explanation')

@ -76,7 +76,7 @@
              - if migration.target_account.present?
                = compact_account_link_to migration.target_account
              - else
-                = migration.acct
+                = migration.pretty_acct

            %td= number_with_delimiter migration.followers_count

--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -7,7 +7,7 @@
      "check_name": "SQL",
      "message": "Possible SQL injection",
      "file": "app/models/status.rb",
-      "line": 105,
+      "line": 106,
      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
      "code": "result.joins(\"INNER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}\")",
      "render_path": null,
@ -27,7 +27,7 @@
      "check_name": "SQL",
      "message": "Possible SQL injection",
      "file": "app/models/trends/query.rb",
-      "line": 60,
+      "line": 76,
      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
      "code": "klass.joins(\"join unnest(array[#{ids.join(\",\")}]) with ordinality as x (id, ordering) on #{klass.table_name}.id = x.id\")",
      "render_path": null,
@ -60,6 +60,36 @@
      "confidence": "High",
      "note": ""
    },
+    {
+      "warning_type": "Cross-Site Scripting",
+      "warning_code": 2,
+      "fingerprint": "71cf98c8235b5cfa9946b5db8fdc1a2f3a862566abb34e4542be6f3acae78233",
+      "check_name": "CrossSiteScripting",
+      "message": "Unescaped model attribute",
+      "file": "app/views/admin/disputes/appeals/_appeal.html.haml",
+      "line": 7,
+      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+      "code": "t((Unresolved Model).new.strike.action, :scope => \"admin.strikes.actions\", :name => content_tag(:span, (Unresolved Model).new.strike.account.username, :class => \"username\"), :target => content_tag(:span, (Unresolved Model).new.account.username, :class => \"target\"))",
+      "render_path": [
+        {
+          "type": "template",
+          "name": "admin/disputes/appeals/index",
+          "line": 20,
+          "file": "app/views/admin/disputes/appeals/index.html.haml",
+          "rendered": {
+            "name": "admin/disputes/appeals/_appeal",
+            "file": "app/views/admin/disputes/appeals/_appeal.html.haml"
+          }
+        }
+      ],
+      "location": {
+        "type": "template",
+        "template": "admin/disputes/appeals/_appeal"
+      },
+      "user_input": "(Unresolved Model).new.strike",
+      "confidence": "Weak",
+      "note": ""
+    },
    {
      "warning_type": "SQL Injection",
      "warning_code": 0,
@ -121,33 +151,23 @@
      "note": ""
    },
    {
-      "warning_type": "Cross-Site Scripting",
-      "warning_code": 2,
-      "fingerprint": "afad51718ae373b2f19d2513029fd2afccf58b9148e475934bc6a162ee33c352",
-      "check_name": "CrossSiteScripting",
-      "message": "Unescaped model attribute",
-      "file": "app/views/admin/disputes/appeals/_appeal.html.haml",
-      "line": 7,
-      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
-      "code": "t((Unresolved Model).new.strike.action, :scope => \"admin.strikes.actions\", :name => content_tag(:span, (Unresolved Model).new.strike.account.username, :class => \"username\"), :target => content_tag(:span, (Unresolved Model).new.account.acct, :class => \"target\"))",
-      "render_path": [
-        {
-          "type": "template",
-          "name": "admin/disputes/appeals/index",
-          "line": 20,
-          "file": "app/views/admin/disputes/appeals/index.html.haml",
-          "rendered": {
-            "name": "admin/disputes/appeals/_appeal",
-            "file": "app/views/admin/disputes/appeals/_appeal.html.haml"
-          }
-        }
-      ],
+      "warning_type": "Mass Assignment",
+      "warning_code": 105,
+      "fingerprint": "ab5035dd1a9f8c3a8d92fb2c37e8fe86fede4f87c91b71aa32e89c9eede602fc",
+      "check_name": "PermitAttributes",
+      "message": "Potentially dangerous key allowed for mass assignment",
+      "file": "app/controllers/api/v1/notifications_controller.rb",
+      "line": 81,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.permit(:account_id, :types => ([]), :exclude_types => ([]))",
+      "render_path": null,
      "location": {
-        "type": "template",
-        "template": "admin/disputes/appeals/_appeal"
+        "type": "method",
+        "class": "Api::V1::NotificationsController",
+        "method": "browserable_params"
      },
-      "user_input": "(Unresolved Model).new.strike",
-      "confidence": "Weak",
+      "user_input": ":account_id",
+      "confidence": "High",
      "note": ""
    },
    {
@ -184,7 +204,7 @@
        {
          "type": "template",
          "name": "admin/trends/links/index",
-          "line": 45,
+          "line": 49,
          "file": "app/views/admin/trends/links/index.html.haml",
          "rendered": {
            "name": "admin/trends/links/_preview_card",
@ -207,7 +227,7 @@
      "check_name": "PermitAttributes",
      "message": "Potentially dangerous key allowed for mass assignment",
      "file": "app/controllers/api/v1/reports_controller.rb",
-      "line": 36,
+      "line": 26,
      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
      "code": "params.permit(:account_id, :comment, :category, :forward, :status_ids => ([]), :rule_ids => ([]))",
      "render_path": null,
@ -221,6 +241,6 @@
      "note": ""
    }
  ],
-  "updated": "2022-02-15 03:48:53 +0100",
+  "updated": "2022-03-22 07:48:32 +0100",
  "brakeman_version": "5.2.1"
 }