Commit graph

28932 commits

Author SHA1 Message Date
Michael Vogel
c6d647b8df
Merge pull request #9540 from MrPetovan/bug/9538-security-blind-attack-username
Escape contact names in several HTML snippets/jQuery insert contexts
2020-11-18 00:20:43 +01:00
b2666e7794 Escape user name in introduction fields help text
- HTML help text isn't escaped in the template

# Conflicts:
#	src/Module/Notifications/Introductions.php
2020-11-16 18:21:11 -05:00
bbd3e44bb2 Escape user names in notifications
- The HTML notification message interpolation is unfiltered by the template

# Conflicts:
#	mod/ping.php
2020-11-16 18:20:23 -05:00
b2c4116357 Replace JQuery .text by .html
- Prevents inserting unescaped HTML in page
2020-11-16 18:19:24 -05:00
ba0d3b2435
Merge pull request #9537 from annando/item-lock
Fallback to database lock if locking fails
2020-11-16 16:05:24 -05:00
deb6b7a7c3 Fallback to database lock if locking fails 2020-11-16 19:46:20 +00:00
a69c98e32f
Merge pull request #9535 from annando/ap-relay
Relay code reworked to support AP delivery
2020-11-15 20:27:08 -05:00
0384bf3e76 Relay code reworked to support AP delivery 2020-11-15 23:28:05 +00:00
Michael Vogel
42be636118
Merge pull request #9515 from MrPetovan/task/9464-block-replies
Reject replies when author is blocked by thread owner
2020-11-15 18:44:48 +01:00
682b9c24f8 Update database.sql with the latest structure changes 2020-11-15 11:42:46 -05:00
Michael Vogel
64ce43cdef
Merge pull request #9534 from MrPetovan/bug/smilies-image-description
Prevent image descriptions from being replaced by local smilies
2020-11-15 07:21:27 +01:00
dbb33399bc Prevent image descriptions from being replaced by local smilies
- AP-received emojis have their code in the image description
2020-11-15 00:12:26 -05:00
b5d3fcb8d4 Move top-level permission check outside of Model\Item::getTopLevelParentData
- It wasn't checked when the direct parent was also the top-level parent
2020-11-14 10:11:26 -05:00
cb963a3259 Retrieve local top level parent item separately to check permissions in Model\Item::getTopLevelParentData 2020-11-14 10:11:26 -05:00
c98da63041 [Database version 1375] Add update method to populate missing item.thr-parent values 2020-11-14 10:11:26 -05:00
2e7c505ac0 Revert wrong item.thr-parent field usage in Protocol\OStatus 2020-11-14 10:08:52 -05:00
042f6b98ac Remove unnecessary data array assignment in Protocol\Feed 2020-11-14 10:08:51 -05:00
5ce8cc24de Clarify parameter type in DFRN::mail 2020-11-14 10:08:51 -05:00
ff66633a44 Remove references to item.parent-uri in Worker\OnePoll 2020-11-14 10:08:51 -05:00
a9d114316d Ensure the parent field isn't set during Item insertion
- Avoid a database error if a null value is provided
2020-11-14 10:08:51 -05:00
c36ca3cffe Fix null value for item.parent column 2020-11-14 10:08:51 -05:00
d3708cf1c2 Fix wrong variable use in Model\Item::getTopLevelParent
- It was preventing items at levels 3 and beyond from being inserted
- Logging for missing top level parent has been bumped to notice
2020-11-14 10:08:51 -05:00
eebcf1ae86 Separate $parent_item and $toplevel_item in mod/item 2020-11-14 10:08:51 -05:00
355cd401ae Replace uri fields conditions by gravity condition in Model\Item::insert 2020-11-14 10:08:51 -05:00
ffc364f2a4 Reject replies when author is blocked by thread owner in Model\Item::insert
- Move user-level item permission to Model\Item::isAllowedByUser
- Add user-level check for comments on top-level item
2020-11-14 10:08:50 -05:00
5e76def1ff Clarify item.parent-uri use in database field comment 2020-11-14 10:08:50 -05:00
0f2a5daf09 Replace confusing uses of item.parent-uri with expected item.thr-parent 2020-11-14 10:08:50 -05:00
0c3a5c815e Remove obsolete references to item.parent-uri 2020-11-14 10:08:50 -05:00
d7e1ce47bb Use item.thr-parent as expected in Model\Item::insert()
- Rework Model\Item::getTopLevelParent
- Backward compatibility with item.parent-uri is ensured
2020-11-14 10:08:50 -05:00
37a122bf7c
Merge pull request #9532 from Quix0r/fixes/pconfig-k-cat-varchar
Some fixes: not needed varbinary and missing UPDATE::SUCCESS
2020-11-14 10:03:22 -05:00
c4a20613a8
Ops!
Signed-off-by: Roland Häder <roland@mxchange.org>
2020-11-14 15:50:50 +01:00
32e9a4d4d7
Some fixes:
- varbinary() is not needed when clear-text words like 'xmpp' are used for them,
  it also hinders using external tools like Adminer/phpMyAdmin to search for
  them as e.g. Adminer wraps a HEX() call (SQL) around `k` and `cat` (see table
  `pconfig`)
- added missing UPDATE::SUCCESS

Signed-off-by: Roland Häder <roland@mxchange.org>
2020-11-14 15:29:41 +01:00
490ce976c1
Merge pull request #9531 from annando/fatal
Check for empty body to prevent a fatal error
2020-11-12 13:41:26 -05:00
ae363b74ad Check for empty body to prevent a fatal error 2020-11-12 16:52:55 +00:00
6dee10f340
Merge pull request #9530 from annando/fatal
Fix fatal errors
2020-11-12 07:57:53 -05:00
36c65643fb Fix fatal errors 2020-11-12 05:17:48 +00:00
Michael Vogel
acae3df0a2
Merge pull request #9526 from MrPetovan/bug/9525-mastodon-emojis-tag
Restore expected implementation of JsonLD::fetchElementArray
2020-11-12 05:47:46 +01:00
a8f16788f4 Prevent multiple replacements for the same emoji in Protocol\ActivityPub\Processor::replaceEmojis 2020-11-11 18:28:26 -05:00
d7ea4ea425
Merge pull request #9529 from annando/api-not-found
API: Not implemented stuff should return 404
2020-11-11 16:15:24 -05:00
5598f7d6ba Fix test 2020-11-11 20:49:34 +00:00
e895d3b1eb API: Not implemented stuff should return 404 2020-11-11 20:28:36 +00:00
42db861759
Merge pull request #9527 from annando/fetch-object-by-url
Fix: Fetch object by URL
2020-11-11 13:14:20 -05:00
ba38ab2c55 Fix: Fetch object by URL 2020-11-11 17:55:33 +00:00
9e4a0bf212 Added new test for JsonLD::fetchElementArray type matching 2020-11-11 11:19:27 -05:00
fa003eaa84 Fix expected implementation of JsonLD::fetchElementArray
- Added expected field value matching
2020-11-11 11:19:08 -05:00
Michael Vogel
61dcd62921
Merge pull request #9522 from MrPetovan/bug/ap-blocked-followers
Prevent ActivityPub message transmission to blocked followers
2020-11-11 15:28:04 +01:00
0de8319c15 Filter blocked contacts out from Protocol\ActivityPub\Transmitter::getContacts 2020-11-11 09:18:51 -05:00
Michael Vogel
f41139bd05
Merge pull request #9523 from MrPetovan/bug/notices
Suppress notice when network page is empty
2020-11-11 15:16:58 +01:00
4fce6a919f Suppress notice when network page is empty 2020-11-11 03:05:12 -05:00
6b8c8b03c6 Prevent ActivityPub message transmission to blocked followers 2020-11-11 02:52:23 -05:00