moon/spc-pleroma
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
spc-pleroma/lib/pleroma/web
History
Ivan Tashkinov 2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix. 
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
..
activity_pub
hide_followings was renamed to hide_followers in the FE, but never synced up in the BE
2019-02-06 22:34:44 +00:00
admin_api
Merge branch 'cleanup/admin-api-useless-if' into 'develop'
2019-01-01 13:48:59 +00:00
channels
update copyright years to 2019
2018-12-31 15:41:47 +00:00
common_api
Merge branch 'fix/tusky-dm' into 'develop'
2019-01-25 05:19:32 +00:00
federator
[#582] Optimized federation retirement by reducing the number of SQL calls
2019-02-03 12:41:27 +03:00
http_signatures
update copyright years to 2019
2018-12-31 15:41:47 +00:00
mastodon_api
OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
2019-02-07 22:14:06 +03:00
media_proxy
update copyright years to 2019
2018-12-31 15:41:47 +00:00
metadata
Provide local og:url for remote activities
2019-01-19 10:58:27 +03:00
nodeinfo
update nodeinfo version when requesting 2.1
2019-02-01 16:03:23 -03:00
oauth
OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
2019-02-07 22:14:06 +03:00
ostatus
[#534] Made federation push sender be determined basing on content instead of referer header. Updated tests.
2019-01-29 13:12:28 +03:00
push
Flake Ids for Users and Activities
2019-01-23 11:26:27 +01:00
rich_media
rich media: parser: reject any data which cannot be explicitly encoded into JSON
2019-02-05 20:50:57 +00:00
salmon
[#582] Made single-pub task call Instance.set_reachable/1 if set_reachable is not specified.
2019-02-03 13:28:13 +03:00
templates
Add responsive features to layout
2019-02-02 13:40:34 +03:00
twitter_api
hide_followings was renamed to hide_followers in the FE, but never synced up in the BE
2019-02-06 22:34:44 +00:00
views
update copyright years to 2019
2018-12-31 15:41:47 +00:00
web_finger
update copyright years to 2019
2018-12-31 15:41:47 +00:00
websub
[#582] Made single-pub task call Instance.set_reachable/1 if set_reachable is not specified.
2019-02-03 13:28:13 +03:00
xml
update copyright years to 2019
2018-12-31 15:41:47 +00:00
chat_channel.ex
update copyright years to 2019
2018-12-31 15:41:47 +00:00
controller_helper.ex
[#534] Refactoring / tweaks per MR review.
2019-01-28 11:03:52 +03:00
endpoint.ex
Use url() instead of static_url in Endpoint.websocket_url()
2019-02-01 22:35:19 +03:00
gettext.ex
update copyright years to 2019
2018-12-31 15:41:47 +00:00
metadata.ex
Use object instead of activity for metadata
2019-01-18 09:32:52 +03:00
router.ex
activitypub: c2s: add /api/ap/whoami endpoint for andstatus
2019-02-04 22:58:29 +00:00
streamer.ex
Send delete event over Mastodon streaming api
2019-01-20 13:00:46 +01:00
uploader_controller.ex
Uploader callback controller
2019-01-21 22:44:14 +01:00
web.ex
Views: wrap activity rendering in a rescue
2019-01-27 19:16:20 +01:00