Commit Graph

15246 Commits

Author SHA1 Message Date
Mark Felder 1ca1b4b32f changelog.d 2023-06-07 09:25:57 -04:00
Mark Felder fadcd7f1a9 Revert MediaProxy Host header validation
Something is going wrong here even though the tests are correct.
2023-06-07 09:19:22 -04:00
lain 43458cb7a1 Merge branch 'preload-escaping' into 'develop'
B Preload: Make sure that the preloaded json is html safe

See merge request pleroma/pleroma!3901
2023-06-06 13:31:08 +00:00
Lain Soykaf 40d40d67a3 Add changelog. 2023-06-02 17:09:58 +04:00
Lain Soykaf cbc5b8cebd B Preload: Make sure that the preloaded json is html safe 2023-06-02 17:03:21 +04:00
Haelwenn e8d3525665 Merge branch 'bump-gettext' into 'develop'
mix: bump gettext to 0.22

See merge request pleroma/pleroma!3831
2023-06-02 01:38:41 +00:00
Haelwenn (lanodan) Monnier 313e68c180 mix: bump gettext to ~0.20
Includes https://github.com/elixir-gettext/gettext/pull/304 in 0.20.0+
Includes https://github.com/elixir-gettext/expo/issues/91 in 0.22+ via expo 0.2.0+
2023-06-02 03:06:32 +02:00
Haelwenn e2a63dadd1 Merge branch 'test_improvement' into 'develop'
Use Phoenix.ConnTest.redirected_to/2

See merge request pleroma/pleroma!3899
2023-06-01 09:40:25 +00:00
Sean King c9cb90ff4f
Media proxy base URL doesn't need /proxy 2023-05-31 17:49:06 -06:00
Sean King a2bbd7c9da
Fix base media and proxy URL in instructions to serve media on another domain 2023-05-31 12:22:13 -06:00
Mark Felder 46c799f528 Use Phoenix.ConnTest.redirected_to/2 2023-05-31 09:54:37 -04:00
Haelwenn (lanodan) Monnier 737e45c102 installation/debian_based_jp: Elixir 1.11 means Debian 12+ and Ubuntu 22.04+
I checked for what each part of the debian&ubuntu sentences meant with the
help of Jisho.org, should be safe but it did make me notice that this guide
hasn't been updated in years
2023-05-31 08:32:58 +02:00
Haelwenn (lanodan) Monnier 8336519f30 installation/debian_based_en: Elixir 1.11 means Debian 12+ and Ubuntu 22.04+ 2023-05-31 08:32:58 +02:00
Haelwenn d998a114e2 Merge branch 'validate-host' into 'develop'
Validate Host header for MediaProxy and Uploads

See merge request pleroma/pleroma!3896
2023-05-31 00:50:01 +00:00
Mark Felder b3c3bd99c3 Switch from serving a 400 to a 302 2023-05-30 16:56:09 -04:00
lain da6b4003ac Merge branch 'only_media_filter' into 'develop'
Add OnlyMedia Upload Filter

See merge request pleroma/pleroma!3897
2023-05-30 08:04:23 +00:00
Mark Felder 50a20f3bbd Esacpe the asterisks in Markdown 2023-05-29 15:53:16 -04:00
Mark Felder 9caa0b0be1 Add OnlyMedia Upload Filter to simplify restricting uploads to audio, image, and video types 2023-05-29 15:49:04 -04:00
Mark Felder da7394f33b Fix unused assignment 2023-05-29 15:09:31 -04:00
Mark Felder 43bb2f39db Remove unwanted parameter 2023-05-29 15:05:37 -04:00
Mark Felder 84974efe4c Host header validation is now required for MediaProxy and Uploads 2023-05-29 14:17:27 -04:00
Mark Felder a60dd0d92d Validate Host header matches expected value before allowing access to Uploads 2023-05-29 14:16:03 -04:00
Mark Felder 843fcca5b4 Validate Host header matches expected value before allowing access to MediaProxy 2023-05-29 13:59:51 -04:00
Mark Felder 506a1c98e7 ConnCase: Make sure the host we use in tests is the actual Endpoint host 2023-05-29 13:55:48 -04:00
faried nawaz 4c91c0d1ba
oops, forgot the test cases 2023-05-29 02:52:50 +05:00
faried nawaz 8b390d27dc
twitter card: handle case where image has no alt text 2023-05-29 02:52:49 +05:00
faried nawaz a1af122499
changelog entry 2023-05-29 02:52:49 +05:00
faried nawaz 52368e6702
fix meta tag for twitter cards and image attachments
The name of the tag should be twitter:image, not twitter:player.

Also, add twitter:image:alt meta tags.
2023-05-29 02:52:49 +05:00
faried nawaz b6b7de2010
add url to Metadata.build_tags call
If static_fe is enabled, going to https://pleroma/notice/some-id
results in

<meta content="https://pleroma/users/someuser" property="og:url">

With this fix, it is

<meta content="https://pleroma/notice/some-id" property="og:url">

Additionally, Pleroma.Web.Metadata.Providers.OpenGraph now
generates meta tags for attachments in the post.
2023-05-29 02:52:41 +05:00
tusooa e92eb5f482 Add instructions to other distro's guides 2023-05-27 00:57:22 +00:00
Haelwenn 31ec5cd35e Merge branch 'mergeback/2.5.2' into 'develop'
Mergeback: 2.5.2

Closes #3030, #3062, and #3045

See merge request pleroma/pleroma!3893
2023-05-26 22:16:18 +00:00
Haelwenn (lanodan) Monnier 869f0d24a6 Merge branch 'release/2.5.2' into mergeback/2.5.2 2023-05-26 23:47:50 +02:00
tusooa 408ea697aa
Add changelog 2023-05-26 17:28:41 -04:00
tusooa 85902ad1ae
Recommend users to serve media on another domain in guide 2023-05-26 17:27:35 -04:00
tusooa f970091c6a
Add instructions to serve media on another domain 2023-05-26 17:17:13 -04:00
Haelwenn 2d193861db Merge branch 'release/2.5.2' into 'stable'
Security release 2.5.2

See merge request pleroma/pleroma!3863
2023-05-26 19:35:31 +00:00
Haelwenn cd9d6a12ab Merge branch 'issue/3126' into 'develop'
Filter OEmbed HTML tags

See merge request pleroma/pleroma!3891
2023-05-26 18:26:40 +00:00
Haelwenn (lanodan) Monnier 7618e562b3 Version 2.5.2 2023-05-26 19:57:00 +02:00
Mark Felder 4505bc1e58 Filter OEmbed HTML tags 2023-05-26 19:56:36 +02:00
Mark Felder 0d68804aa7 Filter OEmbed HTML tags 2023-05-26 19:54:24 +02:00
tusooa d0c2e0830b Enforce unauth restrictions for public streaming endpoints 2023-05-26 19:24:08 +02:00
Haelwenn b36263e5ff Merge branch 'issue/3126' into 'develop'
MediaProxyController: Apply CSP sandbox

See merge request pleroma/pleroma!3890
2023-05-26 19:24:08 +02:00
Haelwenn 4339230f64 Merge branch 'tusooa/fix-object-test' into 'develop'
Fix ObjectTest

See merge request pleroma/pleroma!3887
2023-05-26 19:24:08 +02:00
Haelwenn 72833c84b5 Merge branch 'tusooa/rework-refetch' into 'develop'
Make sure object refetching follows update rules

See merge request pleroma/pleroma!3883
2023-05-26 19:24:08 +02:00
Haelwenn 47e66c9500 Merge branch 'issue/3126' into 'develop'
MediaProxyController: Apply CSP sandbox

See merge request pleroma/pleroma!3890
2023-05-26 17:12:18 +00:00
Mark Felder 38bcf6b19e MediaProxyController: Apply CSP sandbox 2023-05-26 12:34:01 -04:00
Zero 279fd47b48 ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts
The code checked for duplicates using "ap_id", but in Mastodon and Misskey the look like that:
Mastodon: https://mastodon.example.com/users/roger
Misskey: https:///misskey.example.com/users/104ab42f11

The fix is to also check for "uri", which is what will be in the "explicitly_mentioned_uris" list:
Mastodon: https://mastodon.example.com/@roger
Misskey: https://misskey.example.com/@roger
2023-05-26 12:30:19 -04:00
tusooa 1fa196d8f7
Fix deleting banned users' statuses 2023-05-25 19:00:38 -04:00
tusooa 2c66f584b5
Show more informative errors when profile exceeds char limits 2023-05-25 08:22:33 -04:00
Haelwenn 5433742faf Merge branch 'tusooa/fix-object-test' into 'develop'
Fix ObjectTest

See merge request pleroma/pleroma!3887
2023-05-23 01:57:07 +00:00