Commit graph

5479 commits

Author SHA1 Message Date
Thibaut Girka
e45a6edd65 Keep new DMs in home feeds and in the old DM timeline
Revert server-side part of 87fdd139b8
2018-10-22 18:15:51 +02:00
Thibaut Girka
dcded13a99 Merge branch 'master' into glitch-soc/merge-upstream
Conflicts:
- .github/ISSUE_TEMPLATE/bug_report.md
  Took our version.
- CONTRIBUTING.md
  Updated the embedded copy of upstream's version.
- README.md
  Took our version.
- app/policies/status_policy.rb
  Not a real conflict, took code from both.
- app/views/layouts/embedded.html.haml
  Added upstream's changes (dns-prefetch) and fixed
  `%body.embed`
- app/views/settings/preferences/show.html.haml
  Reverted some of upstream changes, as we have a
  page dedicated for flavours and skins.
- config/initializers/content_security_policy.rb
  Kept our version of the CSP.
- config/initializers/doorkeeper.rb
  Not a real conflict, took code from both.
2018-10-22 17:51:38 +02:00
Masoud Abkenar
c7e9f9ff1e RTL: remove blank character inside bdi (#9038)
* RTL: remove blank character inside bdi

* Update app/javascript/mastodon/components/display_name.js

Co-Authored-By: mabkenar <ampbox@gmail.com>
2018-10-22 01:04:32 +02:00
ThibG
84cf78da8a Fix og:url on toots' public view (#9047)
Fixes #9045
2018-10-21 22:52:10 +02:00
Masoud Abkenar
c73864c137 RTL: fix cardbar margins and alignment (#9044) 2018-10-21 18:37:57 +02:00
Masoud Abkenar
3a157210c8 RTL: fix admin account avatar margin in about page (#9039)
* RTL: fix admin account avatar margin in about page

* fix code style
2018-10-21 16:45:08 +02:00
Thibaut Girka
4739e0f090 Put a video camera emoji or a picture frame emoji instead of “.”
This uses the same logic as the status icons in the glitch flavor.
2018-10-21 16:09:18 +02:00
Thibaut Girka
8729f5e466 Do not move CWs to toot body when toot body is empty
Fixes #395

Instead of leaving the toot body blank, it replaces it with a single “.” in
order for the fold/unfold CW behavior to not look *too* weird on upstream
Mastodon. Note that this does not fix upstream's CW-dropping behavior, as
that is decided at the time the toot is posted, not received.
2018-10-21 16:09:18 +02:00
Thibaut Girka
04bedd237b Attempt at fixing inline video player 2018-10-21 16:09:07 +02:00
Thibaut Girka
dfa5b0576f Update mediaGallery component's width when opening CWs 2018-10-21 16:09:07 +02:00
Masoud Abkenar
bf58461d36 RTL: fix column settings toggle label (#9037) 2018-10-21 20:31:40 +09:00
kedama
25f9ead041 Fix domain label position and color (#9033)
* Fix position of the domain label

* Fix position of the domain label for RTL

- Fix color mismatch of linear gradient which assigned to "::after" pseudo class
2018-10-21 14:35:25 +09:00
Thibaut Girka
e4c3ea1809 Force sensitive content flag when posting a toot with a CW
Indeed, when the “Always enable the Content Warning field” setting is enabled,
sending a content-less toot with a CW would move the CW to the toot's content
and leave the toot not marked as sensitive.
2018-10-20 17:06:21 +02:00
Thibaut Girka
13c3fa8d36 Focus the UI when pressing Escape in the CW field 2018-10-20 15:00:39 +02:00
Eugen Rochko
fd5285658f
Add option to block reports from domain (#8830) 2018-10-20 08:02:44 +02:00
Eugen Rochko
9486f0ca77
Add "disable" button to report screen (#9024)
* Add "disable" button to report screen

* i18n-tasks remove-unused
2018-10-20 02:39:39 +02:00
Eugen Rochko
eb1b9903a6
Redesign direct messages column (#9022) 2018-10-20 02:23:58 +02:00
Masoud Abkenar
029943d59b RTL: fix preferences layout (#9021) 2018-10-20 01:05:17 +02:00
bsky
065b39e7a4 Fix admin account avatar margin (#9020) 2018-10-19 20:35:42 +02:00
Masoud Abkenar
301cbcc980 RTL: fix user stats in about page (#9018) 2018-10-19 20:16:13 +09:00
Eugen Rochko
a38a452481
Add unread indicator to conversations (#9009) 2018-10-19 01:47:29 +02:00
takayamaki
bebe8ec887 fix: initial state of PrivacyDropdown is should not be null (#9008) 2018-10-19 00:00:19 +02:00
Masoud Abkenar
65b3804a6c RTL: fix domain append at signup form (#9007) 2018-10-18 21:19:31 +02:00
ThibG
007f7690fa Fix fav/boosts hotkeys not working on detailed statuses (#9006) 2018-10-18 19:52:00 +02:00
Thibaut Girka
b13c34de3a Fix fav/boosts hotkeys not working on detailed statuses 2018-10-18 19:00:59 +02:00
Masoud Abkenar
f8c1b32541 RTL: fix admin account margins in about page (#9005) 2018-10-18 14:35:49 +02:00
Eugen Rochko
72d7d3003b
Do not show "limited" visibility in default visibility preference (#8999)
* Do not show "limited" visibility in default visibility preference

Fix regression from #8950

* Fix code style issue
2018-10-17 22:04:40 +02:00
Eugen Rochko
ddd30f331c
Improve support for aspects/circles (#8950)
* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
2018-10-17 17:13:04 +02:00
ThibG
adb06baef6 Handle global hotkeys even when no element has focus (#8998)
This fixes hotkeys not working when pressing the column
“back” button, for instance.
2018-10-17 16:56:16 +02:00
Quint Guvernator
f5e2e96e95 always allow DMs from staff (#8993) 2018-10-16 19:55:05 +02:00
Eugen Rochko
35b576dbec
Improve form for selecting media display preference (#8965)
Regression from #8569
2018-10-16 14:07:54 +02:00
Masoud Abkenar
d35801aaa2 Fixes 8987 broken alignment at "Remote interaction dialog" (#8988) 2018-10-15 16:09:08 +02:00
Masoud Abkenar
efd09e2ebb undo part of PR 8202 to fix RTL (#8979) 2018-10-15 04:39:20 +02:00
Thibaut Girka
b0527a4ce7 Handle alt+enter in the spoiler input as shortcut for secondary post
Fixes #780
2018-10-14 12:00:21 +02:00
Eugen Rochko
b972478812
Improve style of notice/alert messages (#8973) 2018-10-13 01:51:30 +02:00
Eugen Rochko
7d182442a7
Weblate translations (2018-10-12) (#8972)
* Translated using Weblate (Welsh)

Currently translated at 64.4% (448 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cy/

* Translated using Weblate (Arabic)

Currently translated at 98.0% (682 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ar/

* Translated using Weblate (French)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/fr/

* Translated using Weblate (Arabic)

Currently translated at 94.3% (82 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ar/

* Translated using Weblate (Welsh)

Currently translated at 88.7% (297 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/cy/

* Translated using Weblate (French)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fr/

* Translated using Weblate (French)

Currently translated at 100,0% (87 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fr/

* Translated using Weblate (Czech)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/cs/

* Translated using Weblate (Czech)

Currently translated at 100.0% (87 of 87 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/cs/

* Translated using Weblate (Czech)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cs/

* Translated using Weblate (Persian)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/fa/

* Translated using Weblate (Arabic)

Currently translated at 94.6% (88 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ar/

* Translated using Weblate (Arabic)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ar/

* Translated using Weblate (Czech)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/cs/

* Translated using Weblate (Galician)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/gl/

* Translated using Weblate (Galician)

Currently translated at 100,0% (696 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/gl/

* Translated using Weblate (Greek)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/el/

* Translated using Weblate (Greek)

Currently translated at 98.8% (331 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/el/

* Translated using Weblate (Greek)

Currently translated at 99.7% (694 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/el/

* Translated using Weblate (Persian)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fa/

* Translated using Weblate (Czech)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/cs/

* Translated using Weblate (French)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/fr/

* Translated using Weblate (French)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/fr/

* Translated using Weblate (Japanese)

Currently translated at 99.4% (692 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Corsican)

Currently translated at 100.0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/co/

* Translated using Weblate (Corsican)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/co/

* Translated using Weblate (German)

Currently translated at 99.6% (693 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/de/

* Translated using Weblate (German)

Currently translated at 100,0% (93 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/de/

* Translated using Weblate (Japanese)

Currently translated at 99.4% (692 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Japanese)

Currently translated at 99.9% (695 of 696 strings)

Translation: Mastodon/Backend
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/backend/ja/

* Translated using Weblate (Japanese)

Currently translated at 100.0% (335 of 335 strings)

Translation: Mastodon/React
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/frontend/ja/

* Translated using Weblate (Japanese)

Currently translated at 94.6% (88 of 93 strings)

Translation: Mastodon/Preferences
Translate-URL: https://weblate.joinmastodon.org/projects/mastodon/simple_form/ja/

* i18n-tasks normalize

* yarn manage:translations
2018-10-13 01:51:14 +02:00
Thibaut Girka
70d346ea95 Fix auto-unfold CWs when no regexp is set
Fixes #778
2018-10-12 23:34:26 +02:00
Thibaut Girka
3d5d899094 Allow selecting both default flavour and theme
Fixes #672
2018-10-12 19:06:35 +02:00
Eugen Rochko
fac529975b Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 07:00:41 +02:00
Eugen Rochko
9d4541c612
Display customized mascot in web UI and fix admin form for it (#8964)
Follow-up to #8766
2018-10-12 04:04:08 +02:00
Eugen Rochko
22de24b8ca
Fix missing protocol in dns-prefetch, improve code style (#8963)
Regression from #8942
2018-10-12 02:19:10 +02:00
Eugen Rochko
5cbbd2c3b5
Fix microformats on statuses according to updated spec (#8958) 2018-10-12 02:04:07 +02:00
Eugen Rochko
8fd2cc54c1
Fix type of conversation ID in conversations API (#8961) 2018-10-12 01:36:51 +02:00
Eugen Rochko
21ad21cb50
Improve signature verification safeguards (#8959)
* Downcase signed_headers string before building the signed string

The HTTP Signatures draft does not mandate the “headers” field to be downcased,
but mandates the header field names to be downcased in the signed string, which
means that prior to this patch, Mastodon could fail to process signatures from
some compliant clients. It also means that it would not actually check the
Digest of non-compliant clients that wouldn't use a lowercased Digest field
name.

Thankfully, I don't know of any such client.

* Revert "Remove dead code (#8919)"

This reverts commit a00ce8c92c.

* Restore time window checking, change it to 12 hours

By checking the Date header, we can prevent replaying old vulnerable
signatures. The focus is to prevent replaying old vulnerable requests
from software that has been fixed in the meantime, so a somewhat long
window should be fine and accounts for timezone misconfiguration.

* Escape users' URLs when formatting them

Fixes possible HTML injection

* Escape all string interpolations in Formatter class

Slightly improve performance by reducing class allocations
from repeated Formatter#encode calls

* Fix code style issues
2018-10-12 00:15:55 +02:00
ThibG
0075964244
Merge pull request #775 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
2018-10-11 21:28:03 +02:00
ThibG
2d27c11061 Set Content-Security-Policy rules through RoR's config (#8957)
* Set CSP rules in RoR's configuration

* Override CSP setting in the embed controller to allow frames
2018-10-11 20:35:46 +02:00
Thibaut Girka
8f720be9f3 Merge commit 'ac7df62a0441b95ec04fd9111a9394795dd53ff2' into glitch-soc/merge-upstream 2018-10-11 14:12:36 +02:00
Eugen Rochko
61d44dd11f
Fix typo in ActivityPub Create handler (#8952)
Regression from #8951
2018-10-11 02:10:15 +02:00
Eugen Rochko
87fdd139b8
Do not push DMs into the home feed (#8940)
* Do not push DMs into the home feed

* Show DMs column after sending a DM, if DMs column is not already shown
2018-10-11 01:31:03 +02:00
Eugen Rochko
790d3bc637
Move network calls out of transaction in ActivityPub handler (#8951)
Mention and emoji code may perform network calls, but does not need
to do that inside the database transaction. This may improve availability
of database connections when using pgBouncer in transaction mode.
2018-10-11 00:50:18 +02:00