Merge tag 'v2.7.2' into instance_only_statuses

2019-02-19 21:07:43 +01:00
parent e8012c10be f3eb99aec3
commit 153385e508
76 changed files with 1440 additions and 577 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@ -46,14 +46,14 @@ class Rack::Attack
  end

  throttle('throttle_authenticated_api', limit: 300, period: 5.minutes) do |req|
-    req.api_request? && req.authenticated_user_id
+    req.authenticated_user_id if req.api_request?
  end

  throttle('throttle_unauthenticated_api', limit: 7_500, period: 5.minutes) do |req|
    req.ip if req.api_request?
  end

-  throttle('throttle_media', limit: 30, period: 30.minutes) do |req|
+  throttle('throttle_api_media', limit: 30, period: 30.minutes) do |req|
    req.authenticated_user_id if req.post? && req.path.start_with?('/api/v1/media')
  end

@ -61,6 +61,13 @@ class Rack::Attack
    req.ip if req.post? && req.path == '/api/v1/accounts'
  end

+  API_DELETE_REBLOG_REGEX = /\A\/api\/v1\/statuses\/[\d]+\/unreblog/.freeze
+  API_DELETE_STATUS_REGEX = /\A\/api\/v1\/statuses\/[\d]+/.freeze
+
+  throttle('throttle_api_delete', limit: 30, period: 30.minutes) do |req|
+    req.authenticated_user_id if (req.post? && req.path =~ API_DELETE_REBLOG_REGEX) || (req.delete? && req.path =~ API_DELETE_STATUS_REGEX)
+  end
+
  throttle('protected_paths', limit: 25, period: 5.minutes) do |req|
    req.ip if req.post? && req.path =~ PROTECTED_PATHS_REGEX
  end
--- a/config/initializers/twitter_regex.rb
+++ b/config/initializers/twitter_regex.rb
@ -1,7 +1,7 @@
 module Twitter
  class Regex
-    REGEXEN[:valid_general_url_path_chars] = /[^\p{White_Space}\(\)\?]/iou
-    REGEXEN[:valid_url_path_ending_chars] = /[^\p{White_Space}\(\)\?!\*';:=\,\.\$%\[\]~&\|@]|(?:#{REGEXEN[:valid_url_balanced_parens]})/iou
+    REGEXEN[:valid_general_url_path_chars] = /[^\p{White_Space}<>\(\)\?]/iou
+    REGEXEN[:valid_url_path_ending_chars] = /[^\p{White_Space}\(\)\?!\*"'「」<>;:=\,\.\$%\[\]~&\|@]|(?:#{REGEXEN[:valid_url_balanced_parens]})/iou
    REGEXEN[:valid_url_balanced_parens] = /
      \(
        (?:
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -930,9 +930,9 @@ en:
      <p>Originally adapted from the <a href="https://github.com/discourse/discourse">Discourse privacy policy</a>.</p>
    title: "%{instance} Terms of Service and Privacy Policy"
  themes:
-    contrast: High contrast
-    default: Mastodon
-    mastodon-light: Mastodon (light)
+    contrast: Mastodon (High contrast)
+    default: Mastodon (Dark)
+    mastodon-light: Mastodon (Light)
  time:
    formats:
      default: "%b %d, %Y, %H:%M"