Commit Graph

2691 Commits

Author SHA1 Message Date
Matt Jankowski b06763dc11
Remove the `sr` locale override .rb files (#25927) 2023-07-26 15:39:53 +02:00
github-actions[bot] b9adea9695
New Crowdin Translations (automated) (#26072)
Co-authored-by: GitHub Actions <noreply@github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-26 13:46:16 +02:00
Matt Jankowski bada7a65aa
Ignore long line in regex initializer (#26182) 2023-07-26 09:45:27 +02:00
Eugen Rochko 4d01d1a1ee
Remove 16:9 cropping from web UI (#26132) 2023-07-24 13:46:55 +02:00
mogaminsk db310f383d
Fix missing translation strings for importing lists (#26120) 2023-07-23 15:57:57 +02:00
Christian Schmidt 296ec6cf57
Override default Action Mailer `preview_path` (#26110) 2023-07-21 21:12:57 +02:00
gunchleoc 217ef7f2af
Replace 'favourite' by 'favorite' for American English (#26009) 2023-07-21 19:09:13 +02:00
Claire 889102013f Fix CSP headers being unintendedly wide (#26105) 2023-07-21 16:07:43 +02:00
Claire efd066670d Fix moderation interface for remote instances with a .zip TLD (#25885) 2023-07-21 16:07:43 +02:00
Claire 69c8f26946
Add check preventing Sidekiq workers from running with Makara configured (#25850)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2023-07-21 14:18:04 +02:00
Claire e5f1000ad1
Fix CSP headers being unintendedly wide (#26105) 2023-07-21 13:34:15 +02:00
Claire 934c7b33d1
Change default KeyGenerator digest to SHA1 to fix cookies in rolling upgrades (#26023) 2023-07-21 13:17:43 +02:00
Renaud Chaput 42698b4c5c
Fix the crossorigin attribute (#26096) 2023-07-21 11:14:26 +02:00
gunchleoc cabe1ea560
Change casing for 'Server Settings' string (#26011) 2023-07-20 15:17:40 +02:00
Misty De Méo b848ba3867
Paperclip: add support for Azure blob storage (#23607) 2023-07-19 09:02:49 +02:00
Matt Jankowski 6edd404482
Cleanup unused portions of statuses/status partial (#26045) 2023-07-19 08:44:16 +02:00
github-actions[bot] 47832a1ac0
New Crowdin Translations (automated) (#26054)
Co-authored-by: renchap <renchap@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-07-18 21:13:25 +02:00
Eugen Rochko 26e522ac55
Fix not actually connecting to the configured replica (#25977) 2023-07-17 08:26:52 +02:00
Stanislas Signoud 5fad7bd58a
Change links in multi-column mode so tabs are open in single-column mode (#25893) 2023-07-13 17:18:09 +02:00
Claire 41f65edb21
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 15:53:03 +02:00
Matt Jankowski 644c5fddd8
Refactor `Status.tagged_with_all` for brakeman SQL injection warning (#25941) 2023-07-13 15:52:37 +02:00
Matt Jankowski ce43ed144c
Rails 7.0 update (#25668) 2023-07-13 09:36:07 +02:00
Matt Jankowski 1ef014802b
Refactor `Trends::Query` to avoid brakeman sql injection warnings (#25881) 2023-07-12 14:19:20 +02:00
Matt Jankowski f831452037
Refactor `Snowflake` to avoid brakeman sql injection warnings (#25879) 2023-07-12 10:44:58 +02:00
Matt Jankowski 2e1391fdd2
Fix `Naming/MemoizedInstanceVariableName` cop (#25928) 2023-07-12 10:08:51 +02:00
Matt Jankowski b786911c55
Fix `Lint/SendWithMixinArgument` cop (#25920) 2023-07-12 10:02:32 +02:00
Nick Schonning 1d557305d2
Enable Rubocop Style/FrozenStringLiteralComment (#23793) 2023-07-12 09:47:08 +02:00
Claire 9411fa4d36
Update brakeman ignores (#25912) 2023-07-11 17:08:37 +02:00
Nick Schonning e11032585b
Run brakeman in GitHub Actions (#23713) 2023-07-11 15:23:57 +02:00
Claire 4b5851974c
Fix moderation interface for remote instances with a .zip TLD (#25885) 2023-07-10 18:42:10 +02:00
Matt Jankowski cf33028f35
Admin mailer parameterization (#25759) 2023-07-08 20:03:38 +02:00
Kurtis Rainbolt-Greene e4cfe4b3db
First pass at multi-database for read replica using Rails native adapter (#25693)
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
2023-07-08 19:45:36 +02:00
Matt Jankowski 0f9b803eb3
Regenerate brakeman ignore, pruning warnings (#25749) 2023-07-08 11:07:19 +02:00
Jasmin 0728a6a709
Merge upstream security fixes of v4.0.5 (#1316)
It's already running on our instance (queer.group) and working fine.

Manually reviewed the changes, hadn't found anything that could break
hometown-specific code.
And to update our instance, I also just followed the [steps on the
release](https://github.com/mastodon/mastodon/releases/tag/v4.0.5) aka
`bundle install && yarn install` followed by a restart of all processes.

---------

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Daniel M Brasil <danielmbrasil@protonmail.com>
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Co-authored-by: Vyr Cossont <VyrCossont@users.noreply.github.com>
Co-authored-by: Renaud Chaput <renchap@gmail.com>
2023-07-06 12:30:13 -07:00
Claire 0aa0b71f2c
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Renaud Chaput 8eb1bb8ba6 Allow carets in URL search params (#25216) 2023-07-06 13:45:40 +02:00
Claire e65e3a6d14 Add finer permission requirements for managing webhooks (#25463) 2023-07-06 13:45:40 +02:00
Claire a197fc094f Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) 2023-07-06 13:45:40 +02:00
Claire cca464bce3 Fix being able to vote on your own polls (#25015) 2023-07-06 13:45:40 +02:00
Eugen Rochko 54a10523e2
Change labels of live feeds tabs in web UI (#25683) 2023-07-03 22:57:18 +02:00
Eugen Rochko ba06a2f104
Revert "Rails 7 update" (#25667) 2023-07-02 11:14:22 +02:00
Matt Jankowski 50c2a03695
Rails 7 update (#24241) 2023-07-02 10:38:53 +02:00
Matt Jankowski f8bd581126
Remove unused routes (#25578) 2023-07-01 21:48:53 +02:00
Claire 1d622c8033
Add POST /api/v1/conversations/:id/unread (#25509) 2023-06-22 18:46:43 +02:00
Matt Jankowski c9cd634184
Use default `bootsnap/setup` in boot.rb (#25502) 2023-06-22 18:46:32 +02:00
Claire 602c458ab6
Add finer permission requirements for managing webhooks (#25463) 2023-06-22 14:52:25 +02:00
Eugen Rochko bca649ba79
Change edit profile page (#25413) 2023-06-14 04:38:07 +02:00
Eugen Rochko 39110d1d0a
Fix CAPTCHA page not following design pattern of sign-up flow (#25395) 2023-06-13 22:30:40 +02:00
Eugen Rochko 6637ef7852
Add unsubscribe link to e-mails (#25378) 2023-06-12 14:22:46 +02:00
Eugen Rochko 432a5d2d4b
Change "bot" label to "automated" (#25356) 2023-06-11 04:47:07 +02:00
Eugen Rochko 4c9406bdb0
Add time zone preference (#25342) 2023-06-10 03:29:37 +02:00
Claire f378f10404
Fix compatibility of recent migration with PostgreSQL 10 (#25324) 2023-06-07 01:53:50 +02:00
Nick Schonning c66250abf1
Autofix Rubocop Regex Style rules (#23690)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 14:50:51 +02:00
Eugen Rochko 4eda233e09
Add webhook templating (#23289)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 10:42:47 +02:00
Claire e428670e61
Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) 2023-06-05 17:35:05 +02:00
Matt Jankowski e49819142f
Remove unmaintained `nsa` gem (#25265) 2023-06-05 01:57:05 +02:00
Nick Schonning aea67d448b
Cleanup old translationRunner (#25241) 2023-06-02 20:01:36 +02:00
Claire 0766c9a631
Add card with who invited you to join when displaying rules on sign-up (#23475) 2023-06-02 18:35:37 +02:00
Claire 94329f28e1
Change wording of “Content cache retention period” setting to highlight destructive implications (#23261) 2023-06-02 18:09:08 +02:00
Renaud Chaput 942d850b0a
Allow carets in URL search params (#25216) 2023-06-01 12:14:49 +02:00
Claire e9385e93e9
Add a confirmation screen when suspending a domain (#25144) 2023-06-01 09:37:38 +02:00
Renaud Chaput 44cd88adc4
Upgrade react-intl (#24906) 2023-05-31 23:43:39 +02:00
Renaud Chaput d27216dc46
Enforce import order with ESLint (#25096) 2023-05-23 17:15:17 +02:00
Nick Schonning c0b9664a31
Autofix Rubocop spacing in config (#25022) 2023-05-22 13:17:56 +02:00
Darius Kazemi 9fe562c31c Merge tag 'v4.0.4' into hometown-4.0.4 2023-05-19 11:25:13 +01:00
Claire 5cd55d8aaf
Fix being able to vote on your own polls (#25015) 2023-05-17 00:08:42 +02:00
Claire bec6a1cad4
Add hCaptcha support (#25019) 2023-05-16 23:27:35 +02:00
Claire e60414792d
Add polling and automatic redirection to `/start` on email confirmation (#25013) 2023-05-16 18:03:52 +02:00
Nick Schonning cee4369cf5
Autofix Rubocop Lint/AmbiguousOperatorPrecedence (#25002) 2023-05-16 10:51:59 +02:00
Renaud Chaput 2e1c6e93ad
Bump `mkdirp` major version (#24978) 2023-05-15 09:40:24 +02:00
Eugen Rochko 3869e8c210
Change "Sign in" to "Login" (#24942) 2023-05-10 20:17:55 +02:00
Renaud Chaput 64ec41d89c
Make Webpack fail on failed imports (#24908) 2023-05-09 03:10:04 +02:00
Nick Schonning 1fe04f740a
Enable Rubocop Rails/FilePath (#23854) 2023-05-04 05:50:40 +02:00
Matt Jankowski 2c6c398c60
Fix Performance/CollectionLiteralInLoop cop (#24819) 2023-05-04 05:33:55 +02:00
Matt Jankowski a1cca1c8b6
Update capistrano config lock version to match bundle (#24820) 2023-05-04 05:31:04 +02:00
Matt Jankowski d9a958fcf7
Fix Performance/RedundantMerge cop (#24817) 2023-05-04 05:25:43 +02:00
Matt Jankowski 41eb49b984
Extract large route namespace blocks to separate files (#23914) 2023-05-02 15:41:20 +02:00
Claire 32a030dd74
Rewrite import feature (#21054) 2023-05-02 12:08:48 +02:00
Matt Jankowski d902a707a3
Fix Rails/CompactBlank cop (#24690) 2023-04-30 14:07:21 +02:00
Nick Schonning 6b95aaaa65
Remove empty HTTP error translations (#24210) 2023-04-30 17:04:15 +09:00
Eugen Rochko 0a08e9d3d3
New Crowdin updates (#24678)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-04-30 17:02:11 +09:00
Mark Roszko c23d285b16
Remove the u in Favorite for non-gb english (#24667)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-04-30 16:33:37 +09:00
João Pedro Marques 8f6e290c7a
Adds new follower/following routes (#24601) 2023-04-30 09:01:42 +02:00
Matt Jankowski 5a2aa06a51
Fix Rails/Present cop (#24688) 2023-04-30 06:47:50 +02:00
mogaminsk e0d075713f
Change i18n-fallbacks to English (#24727) 2023-04-30 02:22:20 +02:00
Nick Schonning 49fad26eca
Drop EOL Ruby 2.7 (#24237) 2023-04-27 01:46:18 +02:00
Eugen Rochko d4511f2a76
New Crowdin updates (#24617)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-04-27 04:55:06 +09:00
Christian Schmidt 5141697323
Remove `tai` locale (#23880) 2023-04-23 22:49:07 +02:00
Nick Schonning ef3675d688
Remove empty Kushubian (csb) local files (#24151) 2023-04-23 22:43:12 +02:00
Nick Schonning 4687967176
Autofix Rubocop Style/NumericLiterals (#24468) 2023-04-23 22:30:07 +02:00
Eugen Rochko 9d75b03ba4
New Crowdin updates (#24517)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-04-22 19:37:41 +09:00
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions (#24347) 2023-04-19 16:07:29 +02:00
Robert R George 4db8230194
Add trend management to admin API (#24257) 2023-04-18 11:33:30 +02:00
Eugen Rochko e5c0b16735
Add progress indicator to sign-up flow (#24545) 2023-04-16 07:01:24 +02:00
Eugen Rochko c5eba06d8c
New Crowdin updates (#24447)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-04-12 20:21:32 +09:00
Eugen Rochko c9f3438efe
New Crowdin updates (#24378)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-04-06 23:24:31 +09:00
Claire 4eaa6d58b2 Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) 2023-04-04 12:41:27 +02:00
Claire ae64c5b7ec Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-04-04 12:41:27 +02:00
Claire 448986438e Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) 2023-04-04 12:39:56 +02:00
Claire aa37eeadf3 Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-04-04 12:39:56 +02:00
Claire 5c499f54e3
Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) 2023-04-03 15:05:39 +02:00
Eugen Rochko 4909c2e718
New Crowdin updates (#24276)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-04-03 14:44:43 +02:00
fusagiko / takayamaki 4520e6473a
[Proposal] Make able to write React in Typescript (#16210)
Co-authored-by: berlysia <berlysia@gmail.com>
Co-authored-by: fusagiko / takayamaki <takayamaki@users.noreply.github.com>
2023-04-03 03:31:39 +02:00
Nick Schonning 500d6f93be
Autofix Rubocop Style/IdenticalConditionalBranches (#24322) 2023-03-31 09:33:52 +02:00
Eugen Rochko a9b5598c97
Change user settings to be stored in a more optimal way (#23630)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Claire e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-03-27 17:07:37 +02:00
Eugen Rochko cf12621e37
New Crowdin updates (#24130)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-03-27 20:01:47 +09:00
Simon Elvery 148c3d5894
Update profile link verification instructions (#19723)
Co-authored-by: Effy Elden <effy@effy.space>
2023-03-22 11:22:35 +01:00
Matt Jankowski 7bef11630d
Remove references to non-existent actions (#24183) 2023-03-20 20:03:44 +01:00
Eugen Rochko 0ca54a4105
Remove `Permissions-Policy` header from all responses (#24124) 2023-03-20 20:02:09 +01:00
Jean byroot Boussier 160f38f03d
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 (#24142)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-17 14:37:30 +01:00
CSDUMMI d75a1e5054
Link to the Identity provider's account settings from the account settings (#24100)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-17 10:09:01 +01:00
Claire 9715a211c7 Add warning for object storage misconfiguration (#24137) 2023-03-16 22:49:35 +01:00
Eugen Rochko a6217bd035 Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:49:35 +01:00
Claire 6a7b91a038 Add warning for object storage misconfiguration (#24137) 2023-03-16 22:48:42 +01:00
Eugen Rochko 6db76875fd Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:48:42 +01:00
Claire 8fdf49b11d
Add warning for object storage misconfiguration (#24137) 2023-03-16 22:47:01 +01:00
Eugen Rochko 75e5a6e437
Change user backups to use expiring URLs for download when possible (#24136) 2023-03-16 22:46:52 +01:00
Eugen Rochko a085901108
New Crowdin updates (#23904)
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2023-03-16 21:02:00 +09:00
Eugen Rochko 59a2fe32ff Add cache headers to static files served through Rails (#24120) 2023-03-16 11:43:18 +01:00
Eugen Rochko 5cc39a3810 Add `SENDFILE_HEADER` environment variable (#24123) 2023-03-16 11:42:41 +01:00
CSDUMMI 4e02c7dc2c Support the PROXY protocol through the PROXY_PROTO_V1 env variable (#24064) 2023-03-16 11:42:27 +01:00
Christian Schmidt bd047acc35
Replace `Status#translatable?` with language matrix in separate endpoint (#24037) 2023-03-16 11:07:24 +01:00
Eugen Rochko 630436ab2d
Refactor monkey-patching of `PrivateAddressCheck` (#24122) 2023-03-16 04:33:38 +01:00
Eugen Rochko f0e727f958
Add cache headers to static files served through Rails (#24120) 2023-03-16 02:55:54 +01:00
Eugen Rochko 8cb2543ee5
Add `SENDFILE_HEADER` environment variable (#24123) 2023-03-16 02:55:13 +01:00
Eugen Rochko 6fa81ca17e
Remove `bullet` and `active_record_query_trace` gems (#24121) 2023-03-16 02:53:55 +01:00
CSDUMMI 5dee40b5f5
Support the PROXY protocol through the PROXY_PROTO_V1 env variable (#24064) 2023-03-14 14:47:57 +01:00
Thijs Kinkhorst c44ddbdb3e Fix paths with url-encoded @ to redirect to the correct path (#23593) 2023-03-14 10:00:19 +01:00
Claire d6f1bd2e08 Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) 2023-03-14 09:59:56 +01:00
Claire ad77e8a2fb Fix `/api/v1/streaming` sub-paths not being redirected (#23988) 2023-03-14 09:59:38 +01:00
Eugen Rochko 0f2e8476e0 Fix pgBouncer resetting application name on every transaction (#23958) 2023-03-14 09:59:30 +01:00
Claire c22c4247d9 Fix server error when failing to follow back followers from `/relationships` (#23787) 2023-03-14 09:58:26 +01:00
Claire 2a37dc7967 Change unintended SMTP read timeout from 5 seconds to 20 seconds (#23750) 2023-03-13 18:49:38 +01:00
Thijs Kinkhorst 40ae8d5e03 Fix paths with url-encoded @ to redirect to the correct path (#23593) 2023-03-13 18:46:57 +01:00
Claire 479b66637b Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) 2023-03-13 18:44:09 +01:00
Claire 4bfbeb8139 Fix `/api/v1/streaming` sub-paths not being redirected (#23988) 2023-03-13 18:43:04 +01:00
Eugen Rochko 2fed61a477 Fix pgBouncer resetting application name on every transaction (#23958) 2023-03-13 18:42:45 +01:00
Claire aff3f850de Fix server error when failing to follow back followers from `/relationships` (#23787) 2023-03-13 18:39:35 +01:00
Claire f432db7b9f
Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) 2023-03-12 23:47:55 +01:00
Nick Schonning e594bb7d50
Convert CircleCI to GitHub Actions (#23608) 2023-03-07 04:49:43 +01:00
Claire 59b24c3688
Fix `/api/v1/streaming` sub-paths not being redirected (#23988) 2023-03-06 17:44:55 +01:00
Claire 21db91a0a8
Remove sidebar dead code (#23984) 2023-03-06 16:25:35 +01:00
Eugen Rochko dfa9843ac8
Fix pgBouncer resetting application name on every transaction (#23958) 2023-03-05 01:52:42 +01:00
Matt Jankowski 14f0b48fb6
Update browser gem to version 5.3.1 (#23945) 2023-03-05 00:33:08 +01:00
Jean byroot Boussier 922837dc96
Upgrade to latest redis-rb 4.x and fix deprecations (#23616)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-04 16:38:28 +01:00
Jamie Hoyle de137e6bb0
Added support for specifying S3 storage classes in environment (#22480) 2023-03-03 20:53:37 +01:00
Claire 02c6bad3ca
Change unintended SMTP read timeout from 5 seconds to 20 seconds (#23750) 2023-03-03 20:37:22 +01:00
Claire f8bb4d0d6b
Fix server error when failing to follow back followers from `/relationships` (#23787) 2023-03-03 20:36:18 +01:00