Commit Graph

38960 Commits

Author SHA1 Message Date
Michael 52cc8ab73b Issue 13765: Fixed creation of self user contact for approval 2024-03-04 07:30:04 +00:00
Hypolite Petovan ea4e66c74c
Merge pull request #13957 from annando/issue-13940
Issue 13940: handle posts that can't be found in contexts
2024-03-03 13:42:00 -05:00
Hypolite Petovan f4826bae52
Merge pull request #13960 from annando/oembed-full-cleanup
Oembed: Some more cleanup
2024-03-03 13:41:35 -05:00
Michael 7471513269 Issue 13940: handle posts that can't be found in contexts 2024-03-03 18:32:26 +00:00
Michael ae37c44cc0 Oembed: Some more cleanup 2024-03-03 18:06:25 +00:00
Hypolite Petovan 424e219c53
Merge pull request #13956 from annando/issue-13955
Issue 13955: Check for publish date upon receival
2024-03-03 12:23:13 -05:00
Michael bae7644d6f Issue 13955: Check for publish date upon receival 2024-03-02 19:21:14 +00:00
Michael Vogel f2ccce05b8
Merge pull request #13948 from MrPetovan/task/12420-frio-remove-legacy-scheme
[frio] Remove legacy schemes
2024-03-02 06:06:15 +01:00
Michael Vogel 89ffe6875f
Merge pull request #13942 from MrPetovan/bug/fix-api-fixture
Fix API fixture data
2024-03-02 05:48:19 +01:00
Hypolite Petovan 7284210bf7 Updated main translation file after changing some strings 2024-03-01 08:52:58 -05:00
Hypolite Petovan 4fcc92e532 [frio] Delete legacy scheme files 2024-03-01 08:48:41 -05:00
Hypolite Petovan 2c259c5c6f [frio] Remove legacy schemes
- [frio] Replace default scheme file by default scheme value
- [frio] Simplify frio theme settings
- [frio] Remove query string scheme setting
2024-03-01 08:48:38 -05:00
Hypolite Petovan 39d25b9699
Merge pull request #13954 from annando/issue-13953
Issue 13953: Fix warning during postupdate
2024-03-01 08:38:42 -05:00
Michael 5df1ead001 Issue 13953: Fix warning during postupdate 2024-03-01 08:41:12 +00:00
Hypolite Petovan 2d4f28dcde
Merge pull request #13951 from annando/issue-13949
Issue 13949: Block access via OAuth
2024-02-29 21:00:12 -05:00
Michael dd55ba2d77 Issue 13949: Block access via OAuth 2024-02-29 22:03:57 +00:00
Hypolite Petovan c9f7d9baff
Merge pull request #13946 from annando/issue-13819
Issue 13819: Ensure to not use OEmbed if not wanted
2024-02-29 07:54:43 -05:00
Hypolite Petovan 504a2e91e2
Merge pull request #13945 from annando/errors
Exceptions and warnings fixed
2024-02-29 07:53:13 -05:00
Michael 40e882004e Use the exact embed URLs 2024-02-29 07:40:36 +00:00
Michael e394a6b0fa Issue 13819: Ensure to not use OEmbed if not wanted 2024-02-29 07:37:58 +00:00
Michael 8cf82a8449 Exceptions and warnings fixed 2024-02-29 04:40:04 +00:00
Hypolite Petovan 0d922b75af Use public contact ids where they should be used in API fixture data 2024-02-27 08:41:51 -05:00
Hypolite Petovan ba0a8069c4 Normalize local node hostname across API fixtures
- This was causing the fixture data to be wrongly "repaired" in Model\User::getOwnerDataById because of a mismatch between the local base URL and the fixture-provided self contact URL
2024-02-27 08:41:51 -05:00
Hypolite Petovan d37699bc08 Throw Not Found exception when $uid doesn't exist in Factory\Api\Twitter\User->createFromUserId
- Contact::getPublicIdByUserId() wrongly returns 0 when $uid doesn't exist, which is an existing albeit invalid record.
2024-02-27 08:41:51 -05:00
Hypolite Petovan ac087749e3
Merge pull request #13938 from annando/output-type
Image handling: separate between output and input type, use Imagick on PNG
2024-02-25 10:01:34 -05:00
Michael ddc9f5f595 Image handling: separate between outout and input type, use Imagick on PNG 2024-02-25 08:52:52 +00:00
Tobias Diekershoff 35bba685fa
Merge pull request #13936 from annando/rounding
Round the load to two digits
2024-02-24 18:56:11 +01:00
Michael e52fa44d3f Round the load to two digits 2024-02-24 17:37:30 +00:00
Hypolite Petovan f74d6f9ebb
Merge pull request #13932 from annando/oembed-cleanup
Unused OEmbed functionality is removed
2024-02-24 11:03:48 -05:00
Michael ae358cae4c Updated messages.po 2024-02-24 15:29:33 +00:00
Michael b572b8989f Use media link instead of proxy for pictures 2024-02-24 15:11:27 +00:00
Michael 5800a973cb Fixed positive list 2024-02-24 13:56:12 +00:00
Michael Vogel 44ce5471b3
Onepoll: Prevent errors with invalid mails (#13934) 2024-02-24 13:18:44 +01:00
Michael e05b57cd5d messages.po updated 2024-02-24 11:56:55 +00:00
Michael ecdf8f2b47 Merge remote-tracking branch 'upstream/2024.03-rc' into oembed-cleanup 2024-02-24 11:54:35 +00:00
Michael Vogel 1c5681c199
Merge pull request #13933 from annando/fix2
Accidentally merged changes are reverted
2024-02-24 12:40:19 +01:00
Michael 20fd25258a Accidentally changes are reverted 2024-02-24 11:35:32 +00:00
Michael 00bb538fd0 Merge branch '2024.03-rc' of https://github.com/friendica/friendica into 2024.03-rc 2024-02-24 11:01:44 +00:00
Michael 12bdbaaba8 OEmbed: Complete cleanup 2024-02-24 11:01:34 +00:00
Michael 821a135033 Unused OEmbed functionality is removed 2024-02-24 10:58:18 +00:00
Michael Vogel 0ff37c0075
Merge pull request #13931 from MrPetovan/bug/13930-photo-preview-sizes
Increase API photo preview size for Mastodon API to 640
2024-02-24 09:39:31 +01:00
Hypolite Petovan 0a73050de1 Increase API photo preview size for Mastodon API to 640 2024-02-23 22:41:21 -05:00
Hypolite Petovan a25dbf839a Remove photo user id fallback from 2021
- Remove deprecated /photos/{nickname} fallback routes
- The contact id fallback is a lie, there's no replacement feature
2024-02-23 22:41:18 -05:00
Hypolite Petovan e16b6ee6e1
Check form security token in /settings/userexport module (#13929)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event

* Check form security token in /settings/userexport module

- Prevents basic XSS attacks against /settings/userexport/*
2024-02-22 21:08:32 +01:00
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael Vogel fc3898fe64
Updated Bluesky logo (#13926) 2024-02-21 18:23:36 +01:00
Michael Vogel 71384e6f39
Issue 13909: Filter channels by network (#13924) 2024-02-20 07:11:26 +01:00
Michael Vogel d95c9d28a8
Issue 13922: "voted" must not be null (#13923) 2024-02-20 07:09:55 +01:00
Hypolite Petovan bb7d25dfc9
Merge pull request #13921 from annando/content-type
Check for activity pub mime types
2024-02-19 05:57:47 -05:00
Michael Vogel d5c0f086bd
Disallow mail addresses for registration (#13920)
* Disallow mail addresses for registration

* Order for allow/disallow has been changed
2024-02-19 09:33:20 +01:00