friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity
39,159 Commits 2 Branches 63 Tags 238 MiB
Commit Graph

12302 Commits

Author SHA1 Message Date
Michael 11a16589da Improved Content-Type check on incoming requests 2024-03-21 09:02:25 +00:00
Tobias Diekershoff c5936bb51e bump version to 2024.06-dev 2024-03-21 08:09:16 +01:00
Tobias Diekershoff f13c5dcbaf bump version to 2024.03 2024-03-21 08:01:47 +01:00
Hypolite Petovan 7331e44a1c
Merge pull request #14006 from annando/accounttype 
Fix accounttype/nosharer url
 2024-03-16 17:19:55 +00:00
Michael 1ffdb19c8e Fix accounttype/nosharer url 2024-03-16 16:44:25 +00:00
Michael a9b78d1974 Merge remote-tracking branch 'upstream/2024.03-rc' into relais-update 2024-03-16 08:35:56 +00:00
Michael Vogel e6c23e69cc
Apply suggestions from code review 
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
 2024-03-16 09:19:57 +01:00
Hypolite Petovan c81a47c764
Merge pull request #14004 from annando/warning 
Fix "Undefined variable $success"
 2024-03-16 08:15:42 +00:00
Michael 28363a5416 Fix "Undefined variable $success" 2024-03-16 07:58:51 +00:00
Michael f1be6d5181 Issue 14001: Fix "Incorrect integer value" 2024-03-16 07:53:12 +00:00
Michael b75fdbbd32 Fix handling of relais contact updates 2024-03-16 05:30:21 +00:00
Tobias Diekershoff b8396daca2
Merge pull request #13998 from annando/probe-hide 
Fix: "unsearchable" is now stored
 2024-03-15 07:24:13 +01:00
Michael eaddf5318a Fix: "unsearchable" is now stored 2024-03-15 06:07:47 +00:00
Tobias Diekershoff 49b79d0457
Merge pull request #13993 from annando/statistics 
Systems added to the federation statistics
 2024-03-14 07:35:23 +01:00
Michael 8ce1797480 Systems added to the federation statistics 2024-03-14 04:33:19 +00:00
Hypolite Petovan aac5d41fd6
Escape HTML characters in profile RSS titles 
Thanks to @r1pu5u for the tip left through the `security.txt` contact address!
 2024-03-12 20:42:00 +00:00
Hypolite Petovan 57187f26ae
Merge pull request #13978 from annando/issue-13972 
Default behaviour for adding media types
 2024-03-12 20:06:24 +00:00
Hypolite Petovan 7446048d5d
Merge pull request #13987 from annando/api-issues 
Fixes API-Issues #13985 and #13986
 2024-03-12 19:33:42 +00:00
Michael fda832cd83 "network/group" fragments are removed 2024-03-12 08:02:00 +00:00
Michael 30f31828ae Fixes API-Issues #13985 and #13986 2024-03-12 03:12:36 +00:00
Michael 3b024450ff Fix notice when sending private messages 2024-03-10 18:55:58 +00:00
Tobias Diekershoff e22ef85386
Merge pull request #13982 from annando/no-unknown-media 
Fix: Don't attach unknown media
 2024-03-10 14:28:14 +01:00
Michael 76d469675e Fix: Don't attach unknown media to posts 2024-03-10 10:14:54 +00:00
Michael 3496d3948a Fix: Subject for private messages from Friendica systems 2024-03-09 22:32:38 +00:00
Michael 00b325d521 Default behaviour for adding media types 2024-03-09 15:45:38 +00:00
Michael a1427a52b3 Don't offer the invalid content type 2024-03-09 10:46:53 +00:00
Michael 40a47b076d Don't retry when fetching invalid content 2024-03-09 10:37:43 +00:00
Michael d9bedbb473 Centralized logging for a wrong JSON content-type 2024-03-08 13:48:21 +00:00
Michael 5f0657a30c Don't show the body in the log 2024-03-07 22:29:04 +00:00
Michael 435b30be11 Check for the content type before fetching the content 2024-03-07 22:16:52 +00:00
Michael 67696d08da Set default value for max video height 2024-03-07 14:22:40 +00:00
Michael 68c2bdb98e Change the last activity for delegation parents and siblings as well 2024-03-07 06:12:36 +00:00
Hypolite Petovan 111df607bc Don't call mb_strlen() on $body if it isn't set in Model\Post\Counts 
- Address https://github.com/friendica/friendica/issues/13761#issuecomment-1978354153
 2024-03-06 12:01:25 -05:00
Michael 24e7556f85 Transmit the user avatar path 2024-03-06 03:25:04 +00:00
Michael 8cc7bad1ea Issue 13939: Fix avatars for Diaspora 2024-03-06 03:00:09 +00:00
Michael 31b92b16ed Reduce the height of portrait videos 2024-03-05 21:25:00 +00:00
Michael ba07172a65 Compare with the utc value 2024-03-05 14:24:40 +00:00
Michael 72e045e744 Improved assigning of "last-activity" and "login_date" 2024-03-05 14:06:26 +00:00
Michael 52cc8ab73b Issue 13765: Fixed creation of self user contact for approval 2024-03-04 07:30:04 +00:00
Hypolite Petovan ea4e66c74c
Merge pull request #13957 from annando/issue-13940 
Issue 13940: handle posts that can't be found in contexts
 2024-03-03 13:42:00 -05:00
Michael 7471513269 Issue 13940: handle posts that can't be found in contexts 2024-03-03 18:32:26 +00:00
Michael ae37c44cc0 Oembed: Some more cleanup 2024-03-03 18:06:25 +00:00
Michael bae7644d6f Issue 13955: Check for publish date upon receival 2024-03-02 19:21:14 +00:00
Michael Vogel 89ffe6875f
Merge pull request #13942 from MrPetovan/bug/fix-api-fixture 
Fix API fixture data
 2024-03-02 05:48:19 +01:00
Michael 5df1ead001 Issue 13953: Fix warning during postupdate 2024-03-01 08:41:12 +00:00
Michael dd55ba2d77 Issue 13949: Block access via OAuth 2024-02-29 22:03:57 +00:00
Hypolite Petovan c9f7d9baff
Merge pull request #13946 from annando/issue-13819 
Issue 13819: Ensure to not use OEmbed if not wanted
 2024-02-29 07:54:43 -05:00
Michael 40e882004e Use the exact embed URLs 2024-02-29 07:40:36 +00:00
Michael e394a6b0fa Issue 13819: Ensure to not use OEmbed if not wanted 2024-02-29 07:37:58 +00:00
Michael 8cf82a8449 Exceptions and warnings fixed 2024-02-29 04:40:04 +00:00
Hypolite Petovan d37699bc08 Throw Not Found exception when $uid doesn't exist in Factory\Api\Twitter\User->createFromUserId 
- Contact::getPublicIdByUserId() wrongly returns 0 when $uid doesn't exist, which is an existing albeit invalid record.
 2024-02-27 08:41:51 -05:00
Michael ddc9f5f595 Image handling: separate between outout and input type, use Imagick on PNG 2024-02-25 08:52:52 +00:00
Michael e52fa44d3f Round the load to two digits 2024-02-24 17:37:30 +00:00
Hypolite Petovan f74d6f9ebb
Merge pull request #13932 from annando/oembed-cleanup 
Unused OEmbed functionality is removed
 2024-02-24 11:03:48 -05:00
Michael b572b8989f Use media link instead of proxy for pictures 2024-02-24 15:11:27 +00:00
Michael 5800a973cb Fixed positive list 2024-02-24 13:56:12 +00:00
Michael Vogel 44ce5471b3
Onepoll: Prevent errors with invalid mails (#13934) 2024-02-24 13:18:44 +01:00
Michael 20fd25258a Accidentally changes are reverted 2024-02-24 11:35:32 +00:00
Michael 00bb538fd0 Merge branch '2024.03-rc' of https://github.com/friendica/friendica into 2024.03-rc 2024-02-24 11:01:44 +00:00
Michael 12bdbaaba8 OEmbed: Complete cleanup 2024-02-24 11:01:34 +00:00
Michael 821a135033 Unused OEmbed functionality is removed 2024-02-24 10:58:18 +00:00
Hypolite Petovan 0a73050de1 Increase API photo preview size for Mastodon API to 640 2024-02-23 22:41:21 -05:00
Hypolite Petovan a25dbf839a Remove photo user id fallback from 2021 
- Remove deprecated /photos/{nickname} fallback routes
- The contact id fallback is a lie, there's no replacement feature
 2024-02-23 22:41:18 -05:00
Hypolite Petovan e16b6ee6e1
Check form security token in /settings/userexport module (#13929) 
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event

* Check form security token in /settings/userexport module

- Prevents basic XSS attacks against /settings/userexport/*
 2024-02-22 21:08:32 +01:00
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927) 
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event
 2024-02-22 06:53:52 +01:00
Michael Vogel 71384e6f39
Issue 13909: Filter channels by network (#13924) 2024-02-20 07:11:26 +01:00
Michael Vogel d95c9d28a8
Issue 13922: "voted" must not be null (#13923) 2024-02-20 07:09:55 +01:00
Hypolite Petovan bb7d25dfc9
Merge pull request #13921 from annando/content-type 
Check for activity pub mime types
 2024-02-19 05:57:47 -05:00
Michael Vogel d5c0f086bd
Disallow mail addresses for registration (#13920) 
* Disallow mail addresses for registration

* Order for allow/disallow has been changed
 2024-02-19 09:33:20 +01:00
Michael 892e0a5623 Check for activity pub mime types 2024-02-19 07:11:56 +00:00
Michael Vogel cb294cf411
Avoid problems with an empty domain in the blocklist (#13919) 
* Avoid problems with an empty domain in the blocklist

* Test code removed
 2024-02-19 07:22:19 +01:00
Hypolite Petovan 623a5be8a6 Clarify condition on offset in Mastodon\Search->searchStatuses 2024-02-18 18:48:37 -05:00
Hypolite Petovan d1cd9a016e Move Api\Mastodon\Instance\Extended to ExtendedDescription 
- Add reference to Mastodon documentation
 2024-02-18 18:47:59 -05:00
Michael Vogel 7d5d3b3c29
Issue 13293: Endpoint /api/v1/accounts/lookup implemented (#13917) 2024-02-18 20:17:06 +01:00
Michael Vogel bcec6c5ab2
Issue #13899: Fix error on postupdate (#13915) 2024-02-18 20:09:56 +01:00
Michael Vogel 6384265cbd
Issue #13823: Fix "Mutes" endpoint (#13916) 2024-02-18 20:07:51 +01:00
Michael Vogel f12276eff8
New channel "quiet sharers" for posts from lesser frequent posters (#13913) 2024-02-18 15:54:21 +01:00
Michael Vogel c6160a1c38
Fix API issues #13887, #13886, #13863, #13809, #13897 (#13911) 2024-02-18 15:52:30 +01:00
Michael Vogel 07c20da08f
Issue 13905: ostatus context added (#13912) 2024-02-18 15:46:41 +01:00
Michael Vogel 4eefd0a205
Merge pull request #13908 from MrPetovan/bug/warnings 
Avoid passing null bytes in regular expression in Object\Image
 2024-02-18 05:33:41 +01:00
Hypolite Petovan 1956c2ecfd Avoid passing null bytes in regular expression in Object\Image 
- Remove capturing expression for A|B in favor of bracket syntax in regular expression since matches aren't used.
- Regular expressions have their own character escape notation including backslashes that need to be escaped in a PHP string.
- Actually address https://github.com/friendica/friendica/issues/13761#issuecomment-1949930922
 2024-02-17 22:27:37 -05:00
Michael ade2369b5d Merge remote-tracking branch 'upstream/2024.03-rc' into fix-relations 2024-02-17 21:56:56 +00:00
Michael 0d2ea97eb1 Fix comtact-relation follower calculation 2024-02-17 21:32:17 +00:00
Michael Vogel 08fa51d0bb
Fix the handling of unhandled image types and of animations (#13904) 
* Fix the handling of unhandled image types and of animations

* Avoid warnings
 2024-02-17 15:46:48 +01:00
Michael 7d10518e94 Revert "Fix unhandled image detection" 
This reverts commit 1069cfb570.
 2024-02-17 10:50:09 +00:00
Michael 1069cfb570 Fix unhandled image detection 2024-02-17 10:46:48 +00:00
Michael Vogel 14e5b06029
Image handling reworked, new image formats added (#13900) 
* Image handling reworked, new image formats added

* Updated messages.po

* The dot is now part of the file extension

* Added WebP in install documentation

* Handle unhandled mime types

* Fixed animated picture detected
 2024-02-17 07:45:41 +01:00
Tobias Diekershoff 1ea8a4042d bump version to 2024.03-rc 2024-02-14 08:24:41 +01:00
Michael Vogel fad55e0948
Prevent users from following relay accounts (#13894) 2024-02-13 06:50:46 +01:00
Michael c7e0500529 Fixed relay detection on unsubscription 2024-02-13 04:30:38 +00:00
Hypolite Petovan 686d0b6dbb
Merge pull request #13892 from annando/no-preview-on-sensitive 
Don't display preview images for links, when the post is marked as sensitive
 2024-02-12 22:30:31 -05:00
Michael e2cbe0983a Don't display preview images for links, when the post is marked as sensitive 2024-02-12 06:01:07 +00:00
Michael 3b0cc45588 Link sanitation added to some more places 2024-02-12 05:40:09 +00:00
Michael 061f43788c Sanitize links before storing them 2024-02-12 05:21:13 +00:00
Michael fe00a3893d urlencode for tags / fix smiley replacement 2024-02-12 04:46:20 +00:00
Michael 5d4f72698d Function renamed 2024-02-12 04:44:13 +00:00
Michael 96ede22abb Issue 13884: Sanitation of links in BBCode parser 2024-02-11 12:05:31 +00:00
Michael Vogel 2cc8fcc4aa
Merge pull request #13880 from MrPetovan/bug/13878-deprecate-star-list 
Deprecate use of [*] BBCode tag for list items in favor of [li]
 2024-02-11 03:13:28 +01:00
Michael 909d516ed4 Merge remote-tracking branch 'upstream/develop' into valid-object 2024-02-10 11:34:17 +00:00
Michael Vogel 52825cb4c4
User setting to disable blurring of sensitive pictures (#13883) 2024-02-10 09:50:49 +01:00