Hypolite Petovan
2d4f28dcde
Merge pull request #13951 from annando/issue-13949
...
Issue 13949: Block access via OAuth
2024-02-29 21:00:12 -05:00
Michael
dd55ba2d77
Issue 13949: Block access via OAuth
2024-02-29 22:03:57 +00:00
Hypolite Petovan
c9f7d9baff
Merge pull request #13946 from annando/issue-13819
...
Issue 13819: Ensure to not use OEmbed if not wanted
2024-02-29 07:54:43 -05:00
Hypolite Petovan
504a2e91e2
Merge pull request #13945 from annando/errors
...
Exceptions and warnings fixed
2024-02-29 07:53:13 -05:00
Michael
40e882004e
Use the exact embed URLs
2024-02-29 07:40:36 +00:00
Michael
e394a6b0fa
Issue 13819: Ensure to not use OEmbed if not wanted
2024-02-29 07:37:58 +00:00
Michael
8cf82a8449
Exceptions and warnings fixed
2024-02-29 04:40:04 +00:00
Hypolite Petovan
0d922b75af
Use public contact ids where they should be used in API fixture data
2024-02-27 08:41:51 -05:00
Hypolite Petovan
ba0a8069c4
Normalize local node hostname across API fixtures
...
- This was causing the fixture data to be wrongly "repaired" in Model\User::getOwnerDataById because of a mismatch between the local base URL and the fixture-provided self contact URL
2024-02-27 08:41:51 -05:00
Hypolite Petovan
d37699bc08
Throw Not Found exception when $uid doesn't exist in Factory\Api\Twitter\User->createFromUserId
...
- Contact::getPublicIdByUserId() wrongly returns 0 when $uid doesn't exist, which is an existing albeit invalid record.
2024-02-27 08:41:51 -05:00
Hypolite Petovan
ac087749e3
Merge pull request #13938 from annando/output-type
...
Image handling: separate between output and input type, use Imagick on PNG
2024-02-25 10:01:34 -05:00
Michael
ddc9f5f595
Image handling: separate between output and input type, use Imagick on PNG
2024-02-25 08:52:52 +00:00
Tobias Diekershoff
35bba685fa
Merge pull request #13936 from annando/rounding
...
Round the load to two digits
2024-02-24 18:56:11 +01:00
Michael
e52fa44d3f
Round the load to two digits
2024-02-24 17:37:30 +00:00
Hypolite Petovan
f74d6f9ebb
Merge pull request #13932 from annando/oembed-cleanup
...
Unused OEmbed functionality is removed
2024-02-24 11:03:48 -05:00
Michael
ae358cae4c
Updated messages.po
2024-02-24 15:29:33 +00:00
Michael
b572b8989f
Use media link instead of proxy for pictures
2024-02-24 15:11:27 +00:00
Michael
5800a973cb
Fixed positive list
2024-02-24 13:56:12 +00:00
Michael Vogel
44ce5471b3
Onepoll: Prevent errors with invalid mails (#13934)
2024-02-24 13:18:44 +01:00
Michael
e05b57cd5d
messages.po updated
2024-02-24 11:56:55 +00:00
Michael
ecdf8f2b47
Merge remote-tracking branch 'upstream/2024.03-rc' into oembed-cleanup
2024-02-24 11:54:35 +00:00
Michael Vogel
1c5681c199
Merge pull request #13933 from annando/fix2
...
Accidentally merged changes are reverted
2024-02-24 12:40:19 +01:00
Michael
20fd25258a
Accidental changes are reverted
2024-02-24 11:35:32 +00:00
Michael
00bb538fd0
Merge branch '2024.03-rc' of https://github.com/friendica/friendica into 2024.03-rc
2024-02-24 11:01:44 +00:00
Michael
12bdbaaba8
OEmbed: Complete cleanup
2024-02-24 11:01:34 +00:00
Michael
821a135033
Unused OEmbed functionality is removed
2024-02-24 10:58:18 +00:00
Michael Vogel
0ff37c0075
Merge pull request #13931 from MrPetovan/bug/13930-photo-preview-sizes
...
Increase API photo preview size for Mastodon API to 640
2024-02-24 09:39:31 +01:00
Hypolite Petovan
0a73050de1
Increase API photo preview size for Mastodon API to 640
2024-02-23 22:41:21 -05:00
Hypolite Petovan
a25dbf839a
Remove photo user id fallback from 2021
...
- Remove deprecated /photos/{nickname} fallback routes
- The contact id fallback is a lie, there's no replacement feature
2024-02-23 22:41:18 -05:00
Hypolite Petovan
e16b6ee6e1
Check form security token in /settings/userexport module (#13929)
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed sharing an event as any other user after zeroing the cid field of an existing event
* Check form security token in /settings/userexport module
- Prevents basic XSS attacks against /settings/userexport/*
2024-02-22 21:08:32 +01:00
Hypolite Petovan
5c5d7eb04f
Fix several vulnerabilities (#13927)
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael Vogel
fc3898fe64
Updated Bluesky logo (#13926)
2024-02-21 18:23:36 +01:00
Michael Vogel
71384e6f39
Issue 13909: Filter channels by network (#13924)
2024-02-20 07:11:26 +01:00
Michael Vogel
d95c9d28a8
Issue 13922: "voted" must not be null (#13923)
2024-02-20 07:09:55 +01:00
Hypolite Petovan
bb7d25dfc9
Merge pull request #13921 from annando/content-type
...
Check for activity pub mime types
2024-02-19 05:57:47 -05:00
Michael Vogel
d5c0f086bd
Disallow mail addresses for registration (#13920)
...
* Disallow mail addresses for registration
* Order for allow/disallow has been changed
2024-02-19 09:33:20 +01:00
Michael
892e0a5623
Check for activity pub mime types
2024-02-19 07:11:56 +00:00
Michael Vogel
cb294cf411
Avoid problems with an empty domain in the blocklist (#13919)
...
* Avoid problems with an empty domain in the blocklist
* Test code removed
2024-02-19 07:22:19 +01:00
Michael Vogel
9ad452a19b
Merge pull request #13918 from MrPetovan/bug/fixup-13911
...
Move Api\Mastodon\Instance\Extended to ExtendedDescription
2024-02-19 04:05:42 +01:00
Hypolite Petovan
623a5be8a6
Clarify condition on offset in Mastodon\Search->searchStatuses
2024-02-18 18:48:37 -05:00
Hypolite Petovan
d1cd9a016e
Move Api\Mastodon\Instance\Extended to ExtendedDescription
...
- Add reference to Mastodon documentation
2024-02-18 18:47:59 -05:00
Michael Vogel
7d5d3b3c29
Issue 13293: Endpoint /api/v1/accounts/lookup implemented (#13917)
2024-02-18 20:17:06 +01:00
Michael Vogel
bcec6c5ab2
Issue #13899: Fix error on postupdate (#13915)
2024-02-18 20:09:56 +01:00
Michael Vogel
6384265cbd
Issue #13823: Fix "Mutes" endpoint (#13916)
2024-02-18 20:07:51 +01:00
Michael Vogel
f12276eff8
New channel "quiet sharers" for posts from less frequent posters (#13913)
2024-02-18 15:54:21 +01:00
Michael Vogel
c6160a1c38
Fix API issues #13887, #13886, #13863, #13809, #13897 (#13911)
2024-02-18 15:52:30 +01:00
Michael Vogel
07c20da08f
Issue 13905: ostatus context added (#13912)
2024-02-18 15:46:41 +01:00
Michael Vogel
4eefd0a205
Merge pull request #13908 from MrPetovan/bug/warnings
...
Avoid passing null bytes in regular expression in Object\Image
2024-02-18 05:33:41 +01:00
Hypolite Petovan
78bc1359e0
Merge pull request #13907 from annando/fix-relations
...
Fix contact-relation follower calculation
2024-02-17 22:30:56 -05:00
Hypolite Petovan
1956c2ecfd
Avoid passing null bytes in regular expression in Object\Image
...
- Remove capturing expression for A|B in favor of bracket syntax in regular expression since matches aren't used.
- Regular expressions have their own character escape notation including backslashes that need to be escaped in a PHP string.
- Actually address https://github.com/friendica/friendica/issues/13761#issuecomment-1949930922
2024-02-17 22:27:37 -05:00