Commit Graph

6191 Commits

Author SHA1 Message Date
d97903a358 Update sanitize and loofah (#6855)
Fixes CVE-2018-8048 and CVE-2018-3740, two medium-severity XSS
vulnerabilities present in these gems when built against
libxml2 >= 2.9.2.
2018-03-21 17:43:28 +01:00
93897134ca Permit dots in usernames with conditions (#6844)
* Permit dots in usernames with conditions

- Dot cannot be the start or end of username
- a.lice and al.ice are considered the same during sign-up

* Fix regex mixin flags
2018-03-21 10:26:53 +01:00
a6b59cd1a3 Remove debug option from Babel preset env (#6852) 2018-03-21 10:26:15 +01:00
f64af6473f Bump version to 2.3.2rc4 2018-03-20 23:49:24 +01:00
ac49c7932d Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845)
Fix #6816, fix #6790
2018-03-20 19:41:51 +01:00
61dcb686a8 Fix i18n fallback configuration conflicts with environment configurations (#6843) 2018-03-20 16:36:20 +01:00
9381a7d9d5 Use username/domain to match existing accounts in ActivityPub (#6842)
See also: #6837, #6667
2018-03-20 14:57:46 +01:00
a5c6c748e0 Cancel outdated pending compose suggestions (#6838) 2018-03-20 12:40:12 +01:00
36b5703796 request: in the event of failure, try other IPs (#6761) (#6813)
* request: in the event of failure, try other IPs (#6761)

In the case where a name has multiple A/AAAA records, we should
try subsequent records instead of immediately failing when we have a
failure on the first IP address.

This significantly improves delivery success when there are network
connectivity problems affecting only IPv4 or IPv6.

* fix method call style

* request_spec: adjust test case to use Addrinfo

* request: Request/open: move private addr check to within begin/rescue

* request_spec: add case to test failover, fix exception check

* Double Addrinfo.foreach so that it correctly yields instances
2018-03-20 09:06:08 +01:00
ff6b8a6443 Serialize mentions in the order they are added (#6836)
Up until now, the order seemed to be in the *opposite* order,
which caused the WebUI to populate mentions in reversed order
when replying to toots local to one's instance.
2018-03-19 20:19:35 +01:00
6b76a6212d Display content warning in mail notification emails (#6832) 2018-03-19 20:12:20 +01:00
33ee347c99 rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) (#6833) 2018-03-19 20:09:26 +01:00
0306e3e9be bugfixes and gem update (#6831)
* update to new version of devise_pam_authenticatable2

* fix behaviour if suffix is nil, fix environment loading, fix user email creation

* code cleanup/fix linter warning
2018-03-19 20:08:56 +01:00
357f9298bd Fix e-mail changed notification (fixes #6778) (#6835)
In Devise::Mailer#email_changed, the new email might be in the email attr.
See: https://github.com/plataformatec/devise/blob/master/app/views/devise/mailer/email_changed.html.erb
2018-03-19 20:07:47 +01:00
f7c46fc113 Weblate translations 20180319 (#6827)
* Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/pt_BR/

* Translated using Weblate (Spanish)

Currently translated at 99.6% (579 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/es/

* Translated using Weblate (Spanish)

Currently translated at 100.0% (58 of 58 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/es/

* Translated using Weblate (Japanese)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ja/

* Translated using Weblate (French)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fr/

* Translated using Weblate (Spanish)

Currently translated at 100.0% (58 of 58 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/es/

* Translated using Weblate (Indonesian)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/id/

* Translated using Weblate (Spanish)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/es/

* Translated using Weblate (Indonesian)

Currently translated at 94.6% (71 of 75 strings)

Translation: Mastodon/Doorkeeper
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/doorkeeper/id/

* Translated using Weblate (Indonesian)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/id/

* Translated using Weblate (Arabic)

Currently translated at 100.0% (62 of 62 strings)

Translation: Mastodon/Devise
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/devise/ar/

* Translated using Weblate (Indonesian)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/id/

* Translated using Weblate (Dutch)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/nl/

* Translated using Weblate (Arabic)

Currently translated at 75.5% (439 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (Arabic)

Currently translated at 76.2% (443 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (Russian)

Currently translated at 95.8% (557 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ru/

* Translated using Weblate (Finnish)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fi/

* Translated using Weblate (Slovak)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/sk/

* Translated using Weblate (Slovak)

Currently translated at 91.7% (533 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/sk/

* Translated using Weblate (Dutch)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/nl/

* Translated using Weblate (Spanish)

Currently translated at 99.8% (580 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/es/

* Translated using Weblate (Finnish)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fi/

* Translated using Weblate (Slovak)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/sk/

* Translated using Weblate (Spanish)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/es/

* Translated using Weblate (Swedish)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/sv/

* Translated using Weblate (Finnish)

Currently translated at 93.1% (54 of 58 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fi/

* Translated using Weblate (Arabic)

Currently translated at 76.7% (446 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (Slovak)

Currently translated at 93.2% (542 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/sk/

* Translated using Weblate (Arabic)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ar/

* Normalize translations
Ran i18n-tasks normalize && yarn manage:translations
2018-03-19 15:12:06 +01:00
74c39fada0 Bump version to 2.3.2rc3 2018-03-19 12:20:57 +01:00
f02411da40 Ignore media validation when attaching to status during processing (#6822)
Fix #6821
2018-03-19 01:51:19 +01:00
a568e3ca8e Revert #6479, hide sensitive text/images from OpenGraph previews (#6818)
Display summary of attachments in description, and mark up content
warning if present, e.g.:

    Attached: 3 images · Content warning: Dota 2

When text is not supposed to be hidden, it looks more like:

    Attached: 3 images

    Here is the text of the toot

With #6817, multilinguagility should be assured...
2018-03-18 20:33:07 +01:00
3b440bd5af Fix elephant graphic being draggable and selectable (#6819) 2018-03-18 20:32:44 +01:00
39f27b6cf3 If DEFAULT_LOCALE is set, enforce it instead of HTTP request locale (#6817)
Fix #6784
2018-03-18 16:57:04 +01:00
721234230c Synchronize HTML page cache with sessions (#6815) 2018-03-18 15:14:38 +01:00
566ace2d64 Add entropy to download filenames (#6811)
pretty quick fix, and with the 1 week expiration i don't think we need to be too worried about the existing files

closes #6798
2018-03-17 17:39:28 +01:00
092f1df9d0 Bump version to 2.3.2rc2 2018-03-17 15:28:52 +01:00
844616e950 Re-add git and nodejs-npm to Dockerfile (#6810)
Fix #6809

I don't know why, either
2018-03-17 15:28:09 +01:00
40871caa4b Revert "Upgrade Paperclip to version 6.0.0" (#6807)
* Revert "Bump version to 2.3.2rc1"

This reverts commit cdf8b92fea.

* Revert "Downgrade Dockerfile to Ruby 2.4.3 on Alpine 3.6 (#6806)"

This reverts commit 0074cad44f.

* Revert "Handle Mastodon::HostValidationError when pulling remoteable assets (#6782)"

This reverts commit 4a0a19fe54.

* Revert "Correct the reference to user's password in mastodon:add_user task (#6800)"

This reverts commit 338bff8b93.

* Revert "Upgrade Paperclip to version 6.0.0 (#6754)"

This reverts commit b88fcd53f7.
2018-03-17 14:20:35 +01:00
cdf8b92fea Bump version to 2.3.2rc1 2018-03-17 14:07:00 +01:00
0074cad44f Downgrade Dockerfile to Ruby 2.4.3 on Alpine 3.6 (#6806)
Fix 6734
2018-03-17 14:06:25 +01:00
4a0a19fe54 Handle Mastodon::HostValidationError when pulling remoteable assets (#6782)
This will prevent, for example, `rake mastodon:redownload_avatars` from crashing when an instance is no longer responding to connection attempts, instead silently continuing as expected.
2018-03-17 13:27:50 +01:00
338bff8b93 Correct the reference to user's password in mastodon:add_user task (#6800) 2018-03-17 13:27:19 +01:00
b88fcd53f7 Upgrade Paperclip to version 6.0.0 (#6754) 2018-03-17 12:37:58 +01:00
ca7e6a6d2e Properly center .nothing-here (#6787) (#6788)
Apply "margin: 0 auto;" at line 443 to fix issue #6787
2018-03-17 12:35:35 +01:00
f0cd957c7a Cache HTML page with Service Worker (#6802)
This is the first step to make Mastodon work offline. It is also required
by Chromium to trigger Web Manifest automated install prompt.
2018-03-17 12:35:13 +01:00
64fc8d2b07 [Nanobox] Stream backups to the warehouse (#6799)
The `curl` docs are terrible. Use `-X POST -T` instead of `--data-binary`, to avoid loading entire backups into memory _before_ transferring to the warehouse, and just stream the data across as it comes in.
2018-03-17 08:39:14 +01:00
fd385e256d i18n: Update Polish translation (#6780)
Signed-off-by: Marcin Mikołajczak <me@m4sk.in>
2018-03-14 02:17:48 +09:00
03119c857b Weblate translations (2018-03-13) (#6777)
* Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/pt_BR/

* Translated using Weblate (Spanish)

Currently translated at 99.6% (579 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/es/

* Translated using Weblate (Spanish)

Currently translated at 100.0% (58 of 58 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/es/

* Translated using Weblate (Japanese)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ja/

* Translated using Weblate (French)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fr/

* Translated using Weblate (Spanish)

Currently translated at 100.0% (58 of 58 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/es/

* Translated using Weblate (Indonesian)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/id/

* Translated using Weblate (Spanish)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/es/

* Translated using Weblate (Indonesian)

Currently translated at 94.6% (71 of 75 strings)

Translation: Mastodon/Doorkeeper
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/doorkeeper/id/

* Translated using Weblate (Indonesian)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/id/

* Translated using Weblate (Arabic)

Currently translated at 100.0% (62 of 62 strings)

Translation: Mastodon/Devise
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/devise/ar/

* Translated using Weblate (Indonesian)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/id/

* Translated using Weblate (Dutch)

Currently translated at 100.0% (280 of 280 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/nl/

* Translated using Weblate (Arabic)

Currently translated at 75.5% (439 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (Arabic)

Currently translated at 76.2% (443 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (Russian)

Currently translated at 95.8% (557 of 581 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ru/

* Normalize translations
Ran i18n-tasks normalize && yarn manage:translations
2018-03-13 16:16:51 +01:00
2ef1ce1182 Bump version to 2.3.1 2018-03-13 15:50:15 +01:00
eb2425b53b Hide loading bar on status interactions (#6774) 2018-03-13 14:30:01 +01:00
79d3a8553f Bump version to 2.3.1rc3 2018-03-13 09:21:21 +01:00
7709556673 Merge branch 'kagucho-spoiler' 2018-03-13 09:18:27 +01:00
f0ae6b4cc5 Merge branch 'spoiler' of git://github.com/kagucho/mastodon into kagucho-spoiler 2018-03-13 09:18:11 +01:00
9e3a6d6784 Log BackupWorker backtrace, delete Backup if retries exhausted (#6769) 2018-03-13 08:15:24 +01:00
8bf3e750ab Fix #6757: Adjust RTL styles for landing page (#6768) 2018-03-13 08:14:08 +01:00
18241ccbe1 Change the title of sensitive button by state (#6771)
Icon showing the state may be confusing. (does the slahed eye icon mean
the state that it is sensitive, or to mark it as sensitive?) Moreover, it
may not help for blind people.

The title will give the precise representation of the current state.
2018-03-13 08:10:12 +01:00
0dccb398bd Change the title of spoiler button by state
The title will give the precise representation of the current state. It
would be helpful for blind people.
2018-03-13 15:58:55 +09:00
386365090c Fix #6762: Do not overwrite some status attributes in reducer (#6767) 2018-03-13 07:16:43 +01:00
d9500c8a3b [Nanobox] Fix DB backup task (#6766)
Not sure how I missed that it had been using the wrong evar this entire time...
2018-03-13 06:07:02 +01:00
f7c1668bf6 Do not run lint in Travis CI (#6763)
Lint is done by codeclimate
2018-03-13 06:06:14 +01:00
051b649628 Detailed SMTP setup (#6759)
* add detailed SMTP settings setup in mastodon:setup

* add localhost SMTP settings setup in mastodon:setup

* SMTP settings setup should exit after successful delivery of test mail
2018-03-12 21:41:26 +01:00
f5f165a5eb set SAFETY_ASSURED=1 of db:setup in mastodon:setup (#6758) 2018-03-12 16:21:48 +01:00
f89ff65ec7 Bump version to 2.3.1rc2 2018-03-12 12:48:49 +01:00