Commit graph

12250 commits

Author SHA1 Message Date
Michael e52fa44d3f Round the load to two digits 2024-02-24 17:37:30 +00:00
Hypolite Petovan f74d6f9ebb
Merge pull request #13932 from annando/oembed-cleanup
Unused OEmbed functionality is removed
2024-02-24 11:03:48 -05:00
Michael b572b8989f Use media link instead of proxy for pictures 2024-02-24 15:11:27 +00:00
Michael 5800a973cb Fixed positive list 2024-02-24 13:56:12 +00:00
Michael Vogel 44ce5471b3
Onepoll: Prevent errors with invalid mails (#13934) 2024-02-24 13:18:44 +01:00
Michael 20fd25258a Accidental changes are reverted 2024-02-24 11:35:32 +00:00
Michael 00bb538fd0 Merge branch '2024.03-rc' of https://github.com/friendica/friendica into 2024.03-rc 2024-02-24 11:01:44 +00:00
Michael 12bdbaaba8 OEmbed: Complete cleanup 2024-02-24 11:01:34 +00:00
Michael 821a135033 Unused OEmbed functionality is removed 2024-02-24 10:58:18 +00:00
Hypolite Petovan 0a73050de1 Increase API photo preview size for Mastodon API to 640 2024-02-23 22:41:21 -05:00
Hypolite Petovan a25dbf839a Remove photo user id fallback from 2021
- Remove deprecated /photos/{nickname} fallback routes
- The contact id fallback is a lie, there's no replacement feature
2024-02-23 22:41:18 -05:00
Hypolite Petovan e16b6ee6e1
Check form security token in /settings/userexport module (#13929)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event

* Check form security token in /settings/userexport module

- Prevents basic XSS attacks against /settings/userexport/*
2024-02-22 21:08:32 +01:00
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael Vogel 71384e6f39
Issue 13909: Filter channels by network (#13924) 2024-02-20 07:11:26 +01:00
Michael Vogel d95c9d28a8
Issue 13922: "voted" must not be null (#13923) 2024-02-20 07:09:55 +01:00
Hypolite Petovan bb7d25dfc9
Merge pull request #13921 from annando/content-type
Check for activity pub mime types
2024-02-19 05:57:47 -05:00
Michael Vogel d5c0f086bd
Disallow mail addresses for registration (#13920)
* Disallow mail addresses for registration

* Order for allow/disallow has been changed
2024-02-19 09:33:20 +01:00
Michael 892e0a5623 Check for activity pub mime types 2024-02-19 07:11:56 +00:00
Michael Vogel cb294cf411
Avoid problems with an empty domain in the blocklist (#13919)
* Avoid problems with an empty domain in the blocklist

* Test code removed
2024-02-19 07:22:19 +01:00
Hypolite Petovan 623a5be8a6 Clarify condition on offset in Mastodon\Search->searchStatuses 2024-02-18 18:48:37 -05:00
Hypolite Petovan d1cd9a016e Move Api\Mastodon\Instance\Extended to ExtendedDescription
- Add reference to Mastodon documentation
2024-02-18 18:47:59 -05:00
Michael Vogel 7d5d3b3c29
Issue 13293: Endpoint /api/v1/accounts/lookup implemented (#13917) 2024-02-18 20:17:06 +01:00
Michael Vogel bcec6c5ab2
Issue #13899: Fix error on postupdate (#13915) 2024-02-18 20:09:56 +01:00
Michael Vogel 6384265cbd
Issue #13823: Fix "Mutes" endpoint (#13916) 2024-02-18 20:07:51 +01:00
Michael Vogel f12276eff8
New channel "quiet sharers" for posts from less frequent posters (#13913) 2024-02-18 15:54:21 +01:00
Michael Vogel c6160a1c38
Fix API issues #13887, #13886, #13863, #13809, #13897 (#13911) 2024-02-18 15:52:30 +01:00
Michael Vogel 07c20da08f
Issue 13905: ostatus context added (#13912) 2024-02-18 15:46:41 +01:00
Michael Vogel 4eefd0a205
Merge pull request #13908 from MrPetovan/bug/warnings
Avoid passing null bytes in regular expression in Object\Image
2024-02-18 05:33:41 +01:00
Hypolite Petovan 1956c2ecfd Avoid passing null bytes in regular expression in Object\Image
- Remove capturing expression for A|B in favor of bracket syntax in regular expression since matches aren't used.
- Regular expressions have their own character escape notation including backslashes that need to be escaped in a PHP string.
- Actually address https://github.com/friendica/friendica/issues/13761#issuecomment-1949930922
2024-02-17 22:27:37 -05:00
Michael ade2369b5d Merge remote-tracking branch 'upstream/2024.03-rc' into fix-relations 2024-02-17 21:56:56 +00:00
Michael 0d2ea97eb1 Fix contact-relation follower calculation 2024-02-17 21:32:17 +00:00
Michael Vogel 08fa51d0bb
Fix the handling of unhandled image types and of animations (#13904)
* Fix the handling of unhandled image types and of animations

* Avoid warnings
2024-02-17 15:46:48 +01:00
Michael 7d10518e94 Revert "Fix unhandled image detection"
This reverts commit 1069cfb570.
2024-02-17 10:50:09 +00:00
Michael 1069cfb570 Fix unhandled image detection 2024-02-17 10:46:48 +00:00
Michael Vogel 14e5b06029
Image handling reworked, new image formats added (#13900)
* Image handling reworked, new image formats added

* Updated messages.po

* The dot is now part of the file extension

* Added WebP in install documentation

* Handle unhandled mime types

* Fixed animated picture detected
2024-02-17 07:45:41 +01:00
Tobias Diekershoff 1ea8a4042d bump version to 2024.03-rc 2024-02-14 08:24:41 +01:00
Michael Vogel fad55e0948
Prevent users from following relay accounts (#13894) 2024-02-13 06:50:46 +01:00
Michael c7e0500529 Fixed relay detection on unsubscription 2024-02-13 04:30:38 +00:00
Hypolite Petovan 686d0b6dbb
Merge pull request #13892 from annando/no-preview-on-sensitive
Don't display preview images for links, when the post is marked as sensitive
2024-02-12 22:30:31 -05:00
Michael e2cbe0983a Don't display preview images for links, when the post is marked as sensitive 2024-02-12 06:01:07 +00:00
Michael 3b0cc45588 Link sanitation added to some more places 2024-02-12 05:40:09 +00:00
Michael 061f43788c Sanitize links before storing them 2024-02-12 05:21:13 +00:00
Michael fe00a3893d urlencode for tags / fix smiley replacement 2024-02-12 04:46:20 +00:00
Michael 5d4f72698d Function renamed 2024-02-12 04:44:13 +00:00
Michael 96ede22abb Issue 13884: Sanitation of links in BBCode parser 2024-02-11 12:05:31 +00:00
Michael Vogel 2cc8fcc4aa
Merge pull request #13880 from MrPetovan/bug/13878-deprecate-star-list
Deprecate use of [*] BBCode tag for list items in favor of [li]
2024-02-11 03:13:28 +01:00
Michael 909d516ed4 Merge remote-tracking branch 'upstream/develop' into valid-object 2024-02-10 11:34:17 +00:00
Michael Vogel 52825cb4c4
User setting to disable blurring of sensitive pictures (#13883) 2024-02-10 09:50:49 +01:00
Michael 50c0fd6738 Check for host differences of fetched objects 2024-02-10 04:58:11 +00:00
Hypolite Petovan 5b5c9ddc74 Deprecate use of [*] BBCode tag for list items in favor of [li]
- It is conflicting with Markdown syntax
2024-02-09 20:33:42 -05:00
Michael caa7b6f326 "sensitive" is added to the API 2024-02-06 16:30:46 +00:00
Michael 0a6dff0618 Sensitive previews are now blurred 2024-02-06 16:15:58 +00:00
Michael 0153c2a027 Merge remote-tracking branch 'upstream/develop' into issue-13845 2024-02-06 09:47:38 +00:00
Michael d5bf306884 We now use constants 2024-02-06 06:34:16 +00:00
Michael 4cd2fde6f2 Two new search options "media:card" and "media:post" 2024-02-05 22:21:58 +00:00
Michael 259e7876ad Merge remote-tracking branch 'upstream/develop' into issue-13845 2024-02-05 22:17:43 +00:00
Michael 83306949ac Possible fixes "libpng warning: Interlace handling should be turned on when using png_read_image" 2024-02-05 18:16:47 +00:00
Michael c0cd0dc74d "sensitive" added to field list 2024-02-05 12:21:57 +00:00
Michael f7b0a0bef1 Merge remote-tracking branch 'upstream/develop' into issue-13845 2024-02-05 06:31:08 +00:00
Michael 15df9990da Issue 13845: Support "sensitive" attribute 2024-02-04 21:45:30 +00:00
Michael 7924085c94 Issue 13844: User defined channels based on the network 2024-02-04 07:14:57 +00:00
Michael 672186e549 Additional revert 2024-02-03 11:06:05 +00:00
Michael 053dfb3e2b Revert test changes / added saving of languages 2024-02-03 11:04:42 +00:00
Michael f1efb8d277 Fix: Saving of channel languages 2024-02-03 11:01:17 +00:00
Michael 885b3a12b9 Search for tags and media in full text when doing full text searches 2024-02-02 16:05:24 +00:00
Michael fc05daefb5 "media" is added to the search text 2024-02-02 10:46:20 +00:00
Michael 7faa42882b language field renamed to "language" 2024-02-02 07:05:39 +00:00
Michael fc22a3e83f Unify searchindex table with engagement table 2024-02-01 23:08:53 +00:00
Michael b77a5c3eb4 Merge remote-tracking branch 'upstream/develop' into channel-reshare-privat 2024-02-01 19:41:35 +00:00
Michael Vogel 6a6e2cd2a2
Avoid duplicated post button on the contact conversation page (#13867)
* Avoid duplicated post button on the contact conversation page

* Updated messages.po
2024-02-01 19:47:43 +01:00
Michael e60f3e1a99 Channel relay reshares are now private followers posts 2024-02-01 15:59:04 +00:00
Michael Vogel 665316c14d
Issue 13859: Posts to a group in "Vier" is now possible (#13864) 2024-01-31 19:09:57 +01:00
Michael c8087a7827 Merge remote-tracking branch 'upstream/develop' into size 2024-01-30 15:24:38 +00:00
Raroun ed30d888fa
Update src/Module/Register.php
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2024-01-30 15:28:49 +01:00
Raroun 606bd0be60
Check if nickname contains only US-ASCII and does not start with a digit
Update Register.php
2024-01-30 15:18:11 +01:00
Michael d29d7c40cd Alternatives are added to the documentation 2024-01-30 11:55:36 +00:00
Michael 1e3cfca58d search term alternatives added 2024-01-30 11:14:41 +00:00
Michael 3fe4991fcf Filter user defined channels by size 2024-01-30 10:05:05 +00:00
Hypolite Petovan 0c583574e1
Merge pull request #13860 from annando/baseurl
Account type relay / fix missing baseurl for own contacts
2024-01-29 18:17:31 -05:00
Michael 7432e47f7a Fix code standards 2024-01-29 18:07:53 +00:00
Michael Vogel 25f2ad1b97
Merge pull request #13838 from MrPetovan/task/refactor-throwaway-fulltext-search
Refactor user-defined channel match
2024-01-29 16:53:41 +01:00
Hypolite Petovan 391e41d6d6 Fix exists() condition in DisposableFullTextSearch 2024-01-29 07:37:40 -05:00
Michael cda1b91b77 Update searchindex on reshare 2024-01-29 12:32:21 +00:00
Hypolite Petovan 50cc2be3d1 Improve uniqueness loop by adding an exists() call in DisposableFullTextSearch 2024-01-29 06:56:30 -05:00
Michael 7c43b41f0b Searchtext functionality added 2024-01-29 11:02:13 +00:00
Michael 820674a7ad Use plural 2024-01-29 06:50:46 +00:00
Michael 9bd8d974b3 Account type relay / fix missing baseurl for own contacts 2024-01-29 06:28:43 +00:00
Michael 25f45cf116 Logging improved 2024-01-28 12:22:58 +00:00
Michael d2702dfe9c Use centralized functions for tag string handling 2024-01-28 06:32:55 +00:00
Hypolite Petovan 7397b38763 Ensure identifier uniqueness in Disposable FullTextSearch 2024-01-27 11:33:28 -05:00
Hypolite Petovan 9e738253e7
Merge pull request #13856 from annando/spam2
Compare lengths of hashtags with the content length for improved spam detection
2024-01-26 18:59:38 -05:00
Michael Vogel 120044f3da
Update src/Protocol/Relay.php
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2024-01-27 00:13:14 +01:00
Hypolite Petovan abd5768044 Add documentation to DisposableFullTextSearch->idenfier field 2024-01-26 16:48:55 -05:00
Michael f1173853f3 Merge remote-tracking branch 'upstream/develop' into discover 2024-01-26 13:54:25 +00:00
Michael ef8461733b The "nosharer" widget is added to the network 2024-01-26 13:51:20 +00:00
Michael b8f80a8d25 Compare lengths of hashtags with the content length for improved spam detection 2024-01-26 11:22:01 +00:00
Hypolite Petovan c19af39d8a
Merge pull request #13853 from annando/error
Fixes "Counts::update(): Argument #3 ($vid) must be of type int, null given"
2024-01-25 18:12:59 -05:00
Michael Vogel e1381cfc5c
Update src/Model/Post/Counts.php
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2024-01-25 22:16:38 +01:00
Michael Vogel 09edf251ee
Anti spam measures against hashtag spam (#13855) 2024-01-25 19:41:07 +01:00
Michael dcb6fa32a1 Fixes "Counts::update(): Argument #3 ($vid) must be of type int, null given" 2024-01-25 13:20:50 +00:00