Commit Graph

32 Commits

Author SHA1 Message Date
Mark Felder bff04da0f3 Pleroma.Emoji.Pack: fix gradient error
lib/pleroma/emoji/pack.ex: The tuple {:cwd, tmp_dir} on line 103 is expected to have type :cooked
| :keep_old_files
| :memory
| :verbose
| {:cwd, list(char())}
| {:file_filter, (record(:zip_file) -> boolean())}
| {:file_list, list(:file.name())} but it has type {:cwd, binary()}
2024-02-02 12:14:21 -05:00
Ekaterina Vaartis 29158681f9 Fetch count before downloading the pack and use that as page size 2024-01-07 17:07:50 +03:00
Ekaterina Vaartis 69e4ebbb8e Make remote emoji packs API use specifically the V1 URL
Akkoma does not understand it without V1, and it works either way with
normal pleroma, so no reason to not do this
2024-01-07 15:30:52 +03:00
Mark Felder 2c79509453 Resolve information disclosure vulnerability through emoji pack archive download endpoint
The pack name has been sanitized so an attacker cannot upload a media
file called pack.json with their own handcrafted list of emoji files as
arbitrary files on the filesystem and then call the emoji pack archive
download endpoint with a pack name crafted to the location of the media
file they uploaded which tricks Pleroma into generating a zip file of
the target files the attacker wants to download.

The attack only works if the Pleroma instance does not have the
AnonymizeFilename upload filter enabled, which is currently the default.

Reported by: graf@poast.org
2023-08-04 08:40:27 +02:00
lain e853cfe7c3 Revert "Merge branch 'copyright-bump' into 'develop'"
This reverts merge request !3825
2023-01-02 20:38:50 +00:00
marcin mikołajczak 10886eeaa2 Bump copyright year
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-01-01 12:13:06 +01:00
Sean King 17aa3644be
Copyright bump for 2022 2022-02-25 23:11:42 -07:00
Haelwenn (lanodan) Monnier c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain 95a9bdfc37 Tests: Use NullCache for async tests.
Caching can't work in async tests, so for them it is mocked to a
null cache that is always empty. Synchronous tests are stubbed
with the real Cachex, which is emptied after every test.
2020-12-18 19:53:19 +01:00
lain 713612c377 Cachex: Make caching provider switchable at runtime.
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Maksim Pechnikov e1d25bad0c fix tests 2020-11-16 21:45:37 +03:00
Maksim Pechnikov 1830b6aae5 added error messages for posix error code 2020-11-13 15:21:59 +03:00
Ekaterina Vaartis 8f00d90f91 Use Pleroma.HTTP instead of Tesla
Closes #2275

As discovered in the issue, captcha used Tesla.get instead of
Pleroma.HTTP. I've also grep'ed the repo and changed the other place
where this was used.
2020-11-01 12:05:39 +03:00
Mark Felder 8539e386c3 Add missing Copyright headers 2020-10-12 12:00:50 -05:00
Alexander Strizhakov 8c6ec4c111
pack routes change 2020-09-24 09:16:14 +03:00
Alexander Strizhakov dbbc801667
pagination for remote emoji packs 2020-09-24 09:12:39 +03:00
Alexander Strizhakov 9b6d89ff8c
support for special chars in pack name 2020-09-24 09:12:37 +03:00
Maksim 489a107cf4 Apply 1 suggestion(s) to 1 file(s) 2020-09-13 11:54:15 +00:00
Maksim b267b751d4 Apply 1 suggestion(s) to 1 file(s) 2020-08-25 05:38:25 +00:00
Maksim Pechnikov 14ec12ac95 added tests 2020-08-24 15:01:45 +03:00
Maksim Pechnikov f5845ff033 upload emoji zip file 2020-08-22 10:42:02 +03:00
Alexander Strizhakov aae1af8cf1
fix for emoji pagination in pack show 2020-06-24 18:06:30 +03:00
Alexander Strizhakov 1a704e1f1e
fix for packs pagination 2020-06-20 10:56:28 +03:00
Alexander Strizhakov 3e3f9253e6
adding overall count for packs and files 2020-06-19 10:17:24 +03:00
Alexander Strizhakov 4975ed86bc
emoji pagination for pack show action 2020-06-18 18:50:03 +03:00
Alexander Strizhakov 3becdafd33
emoji packs pagination 2020-06-18 14:32:21 +03:00
Mark Felder 95f6240889 Fix minor spelling error 2020-05-27 14:34:37 -05:00
Egor Kislitsyn 8bde8dfec2
Cleanup Pleroma.Emoji.Pack 2020-05-18 19:43:23 +04:00
Egor Kislitsyn 6e4de715b3
Add OpenAPI spec for PleromaAPI.EmojiAPIController 2020-05-18 19:28:46 +04:00
Alexander Strizhakov 36abeedf9f
error rename 2020-04-30 16:09:22 +03:00
Alexander Strizhakov ddb757f743
emoji api packs changes in routes with docs update 2020-04-30 16:09:18 +03:00
Alexander Strizhakov 342f55fb92
refactor emoji api with fixes 2020-04-30 15:45:52 +03:00