Commit graph

36954 commits

Author SHA1 Message Date
Philipp
881b32425d
Merge pull request #12774 from MrPetovan/bug/albumname-xss
[frio] Fix XSS vulneralibity in Justified-Gallery Javascript dependency
2023-02-08 15:56:36 +01:00
Michael Vogel
3aa7b338b8
Merge pull request #12781 from MrPetovan/bug/12779-security-txt
Switch date format to RFC 3339 in security.txt
2023-02-08 15:25:10 +01:00
Hypolite Petovan
1c7e129f3b Switch date format to RFC 3339 in security.txt 2023-02-08 08:35:06 -05:00
Hypolite Petovan
d059c36ca6 [frio] Fix XSS vulneralibity in Justified-Gallery Javascript dependency 2023-02-08 08:31:43 -05:00
Hypolite Petovan
7621c8aac5
Merge pull request #12778 from annando/issue-12764
Issue 12764: Fix photo permissions when posting via web
2023-02-07 10:15:00 -05:00
Michael
4d4e34dc64 Issue 12764: Fix photo permissions when posting via web 2023-02-07 14:18:01 +00:00
Philipp
bb92870ebb
Merge pull request #12773 from MrPetovan/bug/return-xss
Ensure arbitrary HTTPException messages are HTML escaped
2023-02-05 20:02:57 +01:00
Hypolite Petovan
9e4adabb58 Update main translation files after updating strings 2023-02-04 20:36:33 -05:00
Hypolite Petovan
447709377c Ensure arbitrary HTTPException messages are HTML escaped
- These messages can include user-supplied strings
2023-02-04 20:36:33 -05:00
Hypolite Petovan
4e355c0f5e Create specific module to display HTML message when a conversation isn't found in Module\Item\Display 2023-02-04 20:28:04 -05:00
Hypolite Petovan
544348c25a
Merge pull request #12770 from annando/warning
Fixes "Invalid URL for photo" for photos without host
2023-02-04 07:29:16 -05:00
Michael
f455f7e7d1 Fixes "Invalid URL for photo" for photos without host 2023-02-04 12:14:40 +00:00
Michael Vogel
ac469742b1
Merge pull request #12762 from MrPetovan/bug/warnings
Ward against potentially missing "platform" array key in Model\GServer::fetchSiteinfo
2023-02-02 11:54:50 +01:00
Hypolite Petovan
a836c5c3f1
Merge pull request #12752 from annando/c2s
First implementation of ActivityPub C2S
2023-02-01 11:48:24 -05:00
Michael
18dcf77a6d Desciption added 2023-02-01 16:33:07 +00:00
Hypolite Petovan
301fa681c5 Ward against potentially missing "platform" array key in Model\GServer::fetchSiteinfo
- Address https://github.com/friendica/friendica/issues/12488#issuecomment-1411635902
2023-02-01 08:35:33 -05:00
Michael
a3d645645a Fix #12757 2023-01-31 05:45:24 +00:00
Philipp
31d01dc684
Merge pull request #12756 from annando/issue-12753
Issue 12753: For remote-self feed items the plink mustn't point to the original feed link
2023-01-30 08:32:21 +01:00
Michael
f078b6bc18 Issue 12753: For remote-self feed items the plink mustn't point to the original feed link 2023-01-30 06:58:36 +00:00
Michael
b90d6a5638 Updated class description 2023-01-29 17:51:04 +00:00
Michael
101b3c9703 First implementation of ActivityPub C2S 2023-01-29 14:41:14 +00:00
Philipp
df021b07e3
Merge pull request #12747 from MrPetovan/bug/warnings
Address a couple of warnings
2023-01-29 08:21:46 +01:00
Philipp
450c753004
Merge pull request #12746 from MrPetovan/bug/fatal-errors
Remove Feed contacts from profile contact list
2023-01-29 08:21:26 +01:00
Philipp
74b616f6d4
Merge pull request #12745 from MrPetovan/task/12728-jsonld-local-files
Read local files instead of performing self HTTP requests in JsonLD::documentLoader
2023-01-29 08:20:58 +01:00
Hypolite Petovan
48a7958ef9 Check $url variable for value before using it in Module\Photo::getPhotoById
- Address https://github.com/friendica/friendica/issues/12488#issuecomment-1407342540
2023-01-29 00:12:59 -05:00
Hypolite Petovan
9a270de9c2 Prevent the use of $shared_item if it's falsy in Mastodon\Status::createQuote
- Address https://github.com/friendica/friendica/issues/12488#issuecomment-1407342324
2023-01-29 00:11:13 -05:00
Hypolite Petovan
b1eae0c9aa Remove Feed contacts from profile contact list
- These contact don't have a public pendant and therefore shouldn't be shown to visitors
- Address https://github.com/friendica/friendica/issues/12486#issuecomment-1406191980
2023-01-29 00:07:20 -05:00
Hypolite Petovan
b66787f0de Improve return value consistency in Util\BasePath::getPath 2023-01-28 22:19:47 -05:00
Hypolite Petovan
1dc97e30e0 Read local files instead of performing self HTTP requests in JsonLD::documentLoader 2023-01-28 22:17:05 -05:00
Hypolite Petovan
6dfa492521
Merge pull request #12741 from annando/local-files
Avoid more local links and bad http requests
2023-01-28 20:51:24 -05:00
Michael
3f618218c7 Old stuff removed 2023-01-28 18:50:45 +00:00
Michael
5315bc3712 Possibly fix the test problems 2023-01-28 15:29:55 +00:00
Michael
999cdc7db9 Avoid more local links and bad http requests 2023-01-28 14:57:04 +00:00
Michael Vogel
fc46778a00
Merge pull request #12735 from MrPetovan/bug/fatal-errors
Address a couple of Fatal errors
2023-01-27 08:55:27 +01:00
Michael Vogel
1d7d6fe35c
Merge pull request #12736 from MrPetovan/bug/12733-webfinger-apcontact
Replace custom WebFinger implementation by Probe::getWebfingerArray in APContact::fetchWebfingerData
2023-01-27 08:27:20 +01:00
Hypolite Petovan
d54d2c58e8
Merge pull request #12738 from annando/local-link-bad-url
Avoid local network communication / invalid url requests
2023-01-27 01:25:25 -05:00
Hypolite Petovan
79dc5c177e Replace custom WebFinger implementation by Probe::getWebfingerArray in APContact::fetchWebfingerData
- This implementation didn't support separate domains for the address and the final account
2023-01-27 01:24:28 -05:00
Hypolite Petovan
91d8cd2c87 Prevent fatal error when probing WebFinger address in Network\Probe::feed 2023-01-27 01:24:22 -05:00
Michael Vogel
94b63e6a00
Apply suggestions from code review
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2023-01-27 07:21:08 +01:00
Michael
ba4860b787 Avoid local network communication / invalid url requests 2023-01-27 05:55:45 +00:00
Hypolite Petovan
be105db759 Check the image URL has a host before retrieving it in Photo::importProfilePhoto
- Address https://github.com/friendica/friendica/issues/12486#issuecomment-1404324012
2023-01-25 22:31:07 -05:00
Hypolite Petovan
0259af1118 Cast key values to int in Mastodon\Stats
- Address https://sekretaerbaer.de/display/61b27817-3763-cd4c-5fca-b4d397968464
2023-01-25 22:11:22 -05:00
Hypolite Petovan
6bedd190b9
Merge pull request #12732 from annando/catch
Catch not fetchable posts
2023-01-25 18:32:52 -05:00
Michael
3e8c38946d Catch not fetchable posts 2023-01-25 23:03:51 +00:00
Hypolite Petovan
4e98f5a1df
Merge pull request #12731 from annando/api-quotes
Quote for notifications
2023-01-25 17:49:51 -05:00
Michael
ae3afaad94 Restore default value 2023-01-25 22:38:11 +00:00
Michael
30093fd2ec Quote for notifications 2023-01-25 20:35:10 +00:00
Hypolite Petovan
efc4e5668a
Merge pull request #12727 from annando/api-quotes
API: added positiv list for quote support
2023-01-25 15:32:40 -05:00
Michael
b6fcfebd56 Switch parameters 2023-01-25 20:14:33 +00:00
Hypolite Petovan
59235cba25
Merge pull request #12730 from damianwajer/fix-duplicate-intro-label
Fix labels in contact request modal
2023-01-25 13:27:25 -05:00