Darius Kazemi
a52bd88273
Expose the "default_federation" preference on the preferences API
...
Now when you make a call to `api/v1/preferences` you get a `posting:default:federation` response, which is `true` if the user's posts federate by default, and `false` if the user's posts are local-only by default.
2022-12-01 21:23:10 -08:00
Darius Kazemi
73bdd71e09
Merge tag 'v3.5.5' into hometown-dev
2022-11-14 13:44:19 -08:00
Claire
696f7b3608
Bump version to 3.5.5
2022-11-14 22:26:24 +01:00
Claire
b22e1476ca
Fix nodes order being sometimes mangled when rewriting emoji ( #20677 )
...
* Fix front-end emoji tests
* Fix nodes order being sometimes mangled when rewriting emoji
2022-11-14 22:20:29 +01:00
Darius Kazemi
f5ffda7cf3
Merge tag 'v3.5.4' into hometown-dev
2022-11-14 11:47:27 -08:00
Claire
105ab82425
Bump version to 3.5.4
2022-11-14 20:09:16 +01:00
Claire
2dd8f977e8
Fix emoji substitution not applying only to text nodes in backend code
...
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
Claire
2db06e1d08
Fix emoji substitution not applying only to text nodes in Web UI
...
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
2022-11-14 11:20:41 +01:00
Eugen Rochko
063579373e
Fix rate limiting for paths with formats
2022-11-14 11:20:41 +01:00
Pierre Bourdon
1659788de4
blurhash_transcoder: prevent out-of-bound reads with <8bpp images ( #20388 )
...
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.
Fixes #19235 .
2022-11-14 11:20:41 +01:00
Claire
47eaf85f02
Fix crash when a remote Flag activity mentions a private post ( #18760 )
...
* Add tests
* Fix crash when a remote Flag activity mentions a private post
2022-11-14 11:20:41 +01:00
Darius Kazemi
7adebd4349
Bump version
2022-11-11 16:12:45 -08:00
Darius Kazemi
66e6c0108a
Merge pull request #1186 from therabidbanana/dh-fix-article-format
...
Updates the article formatter to strip unsafe HTML
2022-11-11 16:05:18 -08:00
Darius Kazemi
e70e576ba5
Merge pull request #1193 from johnholdun/local-only-public-hashtag
...
Hide local-only posts from public tag view
2022-11-11 16:01:30 -08:00
Darius Kazemi
8180eda331
Merge pull request #1194 from johnholdun/update-replies-policy
...
Support changing list replies policy from web UI
2022-11-11 15:59:50 -08:00
Darius Kazemi
2d4cd4d561
Merge pull request #1195 from johnholdun/federated-dropdown-value
...
Add data-index attribute to local-only dropdown option
2022-11-11 15:59:35 -08:00
Darius Kazemi
fe340a6a80
Merge pull request #1196 from johnholdun/hide-private-pinned-statuses
...
Hide follower-only pinned statuses from logged-out users
2022-11-11 15:58:37 -08:00
Darius Kazemi
3f2b00542b
Fixing German localization
2022-11-11 15:47:06 -08:00
Darius Kazemi
a67ac3cabd
Fixing stray "Mastodon" text
2022-11-11 15:46:54 -08:00
Darius Kazemi
2427c24c47
Updating gemfile.llock to comply with 035470e
2022-11-11 15:46:26 -08:00
Claire
035470e081
Fix backend compatibility with OpenSSL 3.0 ( #18449 )
...
* Update webpush to fork with OpenSSL 3 compatibility
* Fix tests with OpenSSL 3.0
* Update webauthn gem to latest release and update dependencies
2022-11-11 14:56:24 -08:00
Darius Kazemi
e311837121
Merge tag 'v3.5.3' into hometown-3.5.3-merge
2022-11-11 14:50:45 -08:00
John Holdun
7eedaeb007
Hide follower-only pinned statuses from logged-out users
...
Fixes #1178
2022-11-09 18:51:46 -08:00
John Holdun
e09c30053b
Add data-index attribute to local-only dropdown option
...
The dropdown previously relied on the fact that the falsy value in the federation dropdown had no data-index attribute. This commit changes the falsy value to false, allowing for better control with CSS.
Fixes #1185 .
2022-11-09 18:27:39 -08:00
John Holdun
4f7fa085cb
Support changing list replies policy from web UI
...
Modifest the arguments sent to the updateList function to properly set the new replies policy value, as well allowing for an undefined value for the exclusive setting which will result in no new value being sent to the API for that attribute--that is, it will be left unchanged unless otherwise specified.
Fixes #1191
2022-11-09 18:04:45 -08:00
John Holdun
6e2ed8a8f9
Hide local-only posts from public tag view
...
Fixes #1180
2022-11-09 16:34:09 -08:00
Darius Kazemi
69ff67746b
Trying to be clearer what "light weight" means
2022-11-08 13:39:40 -08:00
David
d8f85dfcb6
Also download file
2022-10-30 22:47:10 +00:00
David
2f970e8bb7
Updates the formatter to be smarter
2022-10-30 22:13:45 +00:00
Darius Kazemi
8527f01987
Merge pull request #1173 from garritfra/feature/update-de-translations
...
Translate Hometown-specific strings to German
2022-06-13 08:58:07 -07:00
Garrit Franke
ad9692b611
feat(l10n): translate missing german resources
2022-05-31 14:44:39 +02:00
Garrit Franke
e572a22553
feat(l10n): translate missing german frontend resources
2022-05-31 14:31:55 +02:00
Eugen Rochko
fbcbf7898f
Bump version to 3.5.3 ( #18530 )
2022-05-26 23:26:15 +02:00
Eugen Rochko
0a1992430d
Fix errors when rendering RSS feeds ( #18531 )
2022-05-26 23:02:42 +02:00
Eugen Rochko
52f4e834f2
Fix concurrent unfollowing decrementing follower count more than once ( #18527 )
2022-05-26 22:14:47 +02:00
Eugen Rochko
8a9acbe604
Fix being able to appeal a strike unlimited times ( #18529 )
...
Peculiarity of the `has_one` association is that the convenience
creation method deletes the previous association even if the new
one is invalid
2022-05-26 22:08:12 +02:00
Eugen Rochko
c4d2c39a75
Fix being able to report otherwise inaccessible statuses ( #18528 )
2022-05-26 22:08:02 +02:00
Eugen Rochko
1ff4877945
Fix empty votes arbitrarily increasing voters count in polls ( #18526 )
2022-05-26 22:06:10 +02:00
Eugen Rochko
976cd6413e
Fix moderator leak in undo_mark_statuses_as_sensitive ( #18525 )
...
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: 40826d <74816220+40826d@users.noreply.github.com>
2022-05-26 22:04:16 +02:00
Eugen Rochko
9f81b9f29a
Fix suspended users being able to access APIs that don't require a user ( #18524 )
2022-05-26 22:04:05 +02:00
Eugen Rochko
96129c2f10
Fix confirmation redirect to app without `Location` header ( #18523 )
2022-05-26 22:03:54 +02:00
Eugen Rochko
3e0e7a1cfb
Fix follower and other counters being able to go negative ( #18517 )
2022-05-26 20:32:48 +02:00
Yamagishi Kazutoshi
702b709d9a
Add ES6 compatibility to browserslist ( #18519 )
2022-05-26 20:29:28 +02:00
Eugen Rochko
d8abc0018f
Remove 3.3.x from supported versions in security policy ( #18516 )
2022-05-26 18:43:14 +02:00
Eugen Rochko
088dc0ec5a
Fix regression in `tootctl search deploy` caused by unloaded attribute ( #18514 )
2022-05-26 18:05:47 +02:00
Eugen Rochko
a4fa9e23fc
Change "dangerous" to "sensitive" in privacy policy and web UI ( #18515 )
...
Fix #18470
2022-05-26 17:55:05 +02:00
Claire
440eb71310
Change unapproved and unconfirmed account to not be accessible in the REST API ( #17530 )
...
* Change unapproved and unconfirmed account to not be accessible in the REST API
* Change Account#searchable? to reject unconfirmed and unapproved users
* Disable search for unapproved and unconfirmed users in Account.search_for
* Disable search for unapproved and unconfirmed users in Account.advanced_search_for
* Remove unconfirmed and unapproved accounts from Account.searchable scope
* Prevent mentions to unapproved/unconfirmed accounts
* Fix some old tests for Account.advanced_search_for
* Add some Account.advanced_search_for tests for existing behaviors
* Add some tests for Account.search_for
* Add Account.advanced_search_for tests unconfirmed and unapproved accounts
* Add Account.searchable tests
* Fix Account.without_unapproved scope potentially messing with previously-applied scopes
* Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup
This is so that the API can still be used to check whether an username is free
to use.
2022-05-26 15:50:33 +02:00
dependabot[bot]
86f4dba47e
Bump @babel/preset-env from 7.17.12 to 7.18.2 ( #18512 )
...
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-preset-env )
---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 09:16:19 +09:00
dependabot[bot]
77823333bb
Bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.2 ( #18511 )
...
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime ) from 7.17.12 to 7.18.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.18.2/packages/babel-plugin-transform-runtime )
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 09:06:44 +09:00
dependabot[bot]
ddddd4c043
Bump immutable from 4.0.0 to 4.1.0 ( #18502 )
...
Bumps [immutable](https://github.com/immutable-js/immutable-js ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/immutable-js/immutable-js/releases )
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md )
- [Commits](https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0 )
---
updated-dependencies:
- dependency-name: immutable
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 08:41:07 +09:00