Mark Felder
2c79509453
Resolve information disclosure vulnerability through emoji pack archive download endpoint
...
The pack name has been sanitized so an attacker cannot upload a media
file called pack.json with their own handcrafted list of emoji files as
arbitrary files on the filesystem and then call the emoji pack archive
download endpoint with a pack name crafted to the location of the media
file they uploaded which tricks Pleroma into generating a zip file of
the target files the attacker wants to download.
The attack only works if the Pleroma instance does not have the
AnonymizeFilename upload filter enabled, which is currently the default.
Reported by: graf@poast.org
2023-08-04 08:40:27 +02:00
lain
e853cfe7c3
Revert "Merge branch 'copyright-bump' into 'develop'"
...
This reverts merge request !3825
2023-01-02 20:38:50 +00:00
marcin mikołajczak
10886eeaa2
Bump copyright year
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-01-01 12:13:06 +01:00
Sean King
17aa3644be
Copyright bump for 2022
2022-02-25 23:11:42 -07:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
...
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/ >;'
2021-01-13 07:49:50 +01:00
lain
95a9bdfc37
Tests: Use NullCache for async tests.
...
Caching can't work in async tests, so for them it is mocked to a
null cache that is always empty. Synchronous tests are stubbed
with the real Cachex, which is emptied after every test.
2020-12-18 19:53:19 +01:00
lain
713612c377
Cachex: Make caching provider switchable at runtime.
...
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Maksim Pechnikov
e1d25bad0c
fix tests
2020-11-16 21:45:37 +03:00
Maksim Pechnikov
1830b6aae5
added error messages for posix error code
2020-11-13 15:21:59 +03:00
Ekaterina Vaartis
8f00d90f91
Use Pleroma.HTTP instead of Tesla
...
Closes #2275
As discovered in the issue, captcha used Tesla.get instead of
Pleroma.HTTP. I've also grep'ed the repo and changed the other place
where this was used.
2020-11-01 12:05:39 +03:00
Mark Felder
8539e386c3
Add missing Copyright headers
2020-10-12 12:00:50 -05:00
Alexander Strizhakov
8c6ec4c111
pack routes change
2020-09-24 09:16:14 +03:00
Alexander Strizhakov
dbbc801667
pagination for remote emoji packs
2020-09-24 09:12:39 +03:00
Alexander Strizhakov
9b6d89ff8c
support for special chars in pack name
2020-09-24 09:12:37 +03:00
Maksim
489a107cf4
Apply 1 suggestion(s) to 1 file(s)
2020-09-13 11:54:15 +00:00
Maksim
b267b751d4
Apply 1 suggestion(s) to 1 file(s)
2020-08-25 05:38:25 +00:00
Maksim Pechnikov
14ec12ac95
added tests
2020-08-24 15:01:45 +03:00
Maksim Pechnikov
f5845ff033
upload emoji zip file
2020-08-22 10:42:02 +03:00
Alexander Strizhakov
aae1af8cf1
fix for emoji pagination in pack show
2020-06-24 18:06:30 +03:00
Alexander Strizhakov
1a704e1f1e
fix for packs pagination
2020-06-20 10:56:28 +03:00
Alexander Strizhakov
3e3f9253e6
adding overall count for packs and files
2020-06-19 10:17:24 +03:00
Alexander Strizhakov
4975ed86bc
emoji pagination for pack show action
2020-06-18 18:50:03 +03:00
Alexander Strizhakov
3becdafd33
emoji packs pagination
2020-06-18 14:32:21 +03:00
Mark Felder
95f6240889
Fix minor spelling error
2020-05-27 14:34:37 -05:00
Egor Kislitsyn
8bde8dfec2
Cleanup Pleroma.Emoji.Pack
2020-05-18 19:43:23 +04:00
Egor Kislitsyn
6e4de715b3
Add OpenAPI spec for PleromaAPI.EmojiAPIController
2020-05-18 19:28:46 +04:00
Alexander Strizhakov
36abeedf9f
error rename
2020-04-30 16:09:22 +03:00
Alexander Strizhakov
ddb757f743
emoji api packs changes in routes with docs update
2020-04-30 16:09:18 +03:00
Alexander Strizhakov
342f55fb92
refactor emoji api with fixes
2020-04-30 15:45:52 +03:00