Commit graph

4907 commits

Author SHA1 Message Date
Amelia Yukii
a6e257f502 Merge branch 'feture/code-injection-fix' into 'develop'
CVE: Fixed code injection from twitter import

See merge request TransFem-org/Sharkey!390

(cherry picked from commit 127f8556d4)

2a8e93e4 Fixed code injection from twitter import
2024-02-01 15:07:35 +00:00
Marie
1805150533 fix: visibility check on masto import
Originally from PR #288
2023-12-31 22:41:35 +01:00
Marie
6a46e30f67
chore: fix icons 2023-12-31 22:26:46 +01:00
Marie
ce6fadf767 fix: broken icon in emoji picker 2023-12-31 22:17:40 +01:00
dakkar
f42e2bacd4 (probably) fix line length between note and 1st reply 2023-12-31 20:56:16 +00:00
Marie
8e02d7f364
upd: add rosepine and rosepine dawn as preinstalle themes 2023-12-31 20:14:22 +01:00
dakkar
8bc77072cb fix: sort multiple config files
`globSync` doesn't guarantee the order in which it returns the
matching paths, so without the `sort()`, the config files may be
merged differently each time the server is started
2023-12-31 18:44:53 +00:00
Marie
7b04c6ade4
fix: make real-time update work with new notes/show changes 2023-12-31 19:29:26 +01:00
Marie
4f2fa60a72 merge: bugfix auth-fetch ask to never cache responses (#284)
Reviewed-on: https://git.joinsharkey.org/Sharkey/Sharkey/pulls/284
2023-12-31 19:24:29 +01:00
Marie
3ec00398a3
fix: security with notes/show endpoint 2023-12-31 19:21:59 +01:00
Marie
233eff48f3 merge: pleroma note import - Use hashed filename for exists check (#283)
Reviewed-on: https://git.joinsharkey.org/Sharkey/Sharkey/pulls/283
2023-12-31 18:43:38 +01:00
Marie
8336b6c6b4
upd: check for replies length 2023-12-31 18:41:29 +01:00
Marie
b1c26201ca
upd: Note Length customization
note length is now configurable through the config file

Closes #281

falls back to 3000 (misskey default) if not used/included in config
2023-12-31 18:22:02 +01:00
Marie
031d748d0c fix: /oauth/oauth to /oauth 2023-12-31 17:25:38 +01:00
dakkar
61c193c08f lint 2023-12-31 16:17:45 +00:00
smitten
8d6d5923da
Simplify hash steps 2023-12-31 11:14:41 -05:00
Insert5StarName
2b06b822ac
fix: detailed view being dashed 2023-12-31 15:55:00 +01:00
smitten
327694d4cf
Use base64url digest 2023-12-31 09:13:51 -05:00
smitten
e9428a5a05
Use hex digest 2023-12-31 09:03:46 -05:00
dakkar
6d5d3d9ea1 auth-fetch: ask to never cache responses
I could have factored out all the lines that set cache headers, but
that would have made future merges even more complicated ☹

thanks ShittyCopper for reporting the problem!
2023-12-31 13:27:38 +00:00
Marie
97dea59e49 merge: enhance module player hide pattern when not needed (#282) 2023-12-31 06:42:13 +01:00
Marie
b700fadbe3 upd: add home as a visibility for mastodon imports 2023-12-31 06:32:39 +01:00
Marie
07f06d7ed6 fix: if condition 2023-12-31 04:09:44 +01:00
Marie
fc6581b948 fix: correct followers visibility on import 2023-12-31 03:50:05 +01:00
Marie
667daebb79 upd: prevent vanilla mastodon imports from importing DMs
Also adds the visibility function to mastodon imports
2023-12-31 03:48:51 +01:00
smitten
0bb0d69543
Use hashed filename for exists check 2023-12-30 20:44:31 -05:00
Marie
265bcf54b0
upd: remove collapsed mentions
Glitchy/Broken CSS - Won't get any fixes by free so it is best to just undo the change

Closes #279
Closes #278
2023-12-30 23:14:00 +01:00
Vavency
386e4f2665 fix: lint MkModPlayer 2023-12-30 21:07:24 +02:00
Marie
8d28c16ee1
fix: bring back default like setting
Seems like due to misskey deleting reaction.vue and making it a new file called emoji-picker.vue caused the default like setting to vanish
2023-12-30 18:05:09 +01:00
Vavency
4856b019ce enhance (frontend): hide module player pattern display 2023-12-30 16:09:46 +02:00
trivernis
5f2e07d81f
Revert unnecessary changes to backend package.json 2023-12-29 20:05:19 +01:00
Trivernis
5af915e17e Merge branch 'develop' into feature/config-dropdir 2023-12-29 20:04:22 +01:00
Marie
fb99be79b9 merge: improve Search and Search Widget (#268)
Closes #264
2023-12-29 18:41:30 +01:00
Marie
70433db9d9
fix: button effect not lining up on sub notes|
Closes #277
2023-12-29 18:36:15 +01:00
dakkar
cd8ba4b634 always go to tag page from widget #264 2023-12-29 14:54:37 +00:00
Marie
18e82c0627
fix: frontend not being able to build 2023-12-28 19:37:22 +01:00
dakkar
2e55c292bf special-case full usernames is search #264
this should be enough "merging" of lookup&search:

* partial usernames are searched as part of notes from the widget, and
as part of known usernames in "search users"
* tags are searched as part of notes from the widget and the "search
notes" page
* full usernames always navigate to the profile page of that
user (which will fetch the profile if possible)

as an extra nicety, if "search notes" is disabled, the search widget
handles hashtags like the lookup function does
2023-12-28 17:26:24 +00:00
Marie
870f70a683
upd: up sfm.js version 2023-12-28 13:06:11 +01:00
Marie
9a9f61a6c0
fix: typecheck 2023-12-28 12:52:12 +01:00
Marie
592027cf68
merge: upstream 2023-12-28 09:54:32 +01:00
Korange
3c3f7fd5a6
enhance(frontend): 検索画面においてEnterキー押下で検索できるように (#12752)
* enhance: 検索画面においてEnterキー押下で検索できるように

* enterイベントを使用するように
2023-12-28 09:48:41 +01:00
YAVIIGI
b0301dd2fb
feat(frontend): 投稿ウインドウにMFM要素を追加するボタンの追加 (#12788)
* functionPicker の追加

* Update CHANGELOG.md

* fix lint errors

* Add addMfmFunction

* add enableQuickAddMfmFunction setting

* Update CHANGELOG.md

issue 番号を追加

* Update index.d.ts

* change 'functionPicker' to 'mfmFunctionPicker'

* Change indent from 4 space to 1 tab

---------

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2023-12-28 09:47:14 +01:00
1Step621
49e2eb87e9
Fix(frontend): MFMでfgとbgに長い単語を使うと改行されない問題を修正 (#12819)
* MFMでfgとbgに長い単語を使うと改行されない問題を修正

* update CHANGELOG.md
2023-12-28 09:46:46 +01:00
syuilo
24ca9ac5ef
refactor 2023-12-28 09:46:46 +01:00
Chocolate Pie
530a282524
fix(test): CIが落ちている問題を修正 (#12816)
* fix(test): CIが落ちているのを修正

* fix(ci)?: CIの`typecheck`が落ちる問題を修正

* fix(ci): コンフィグファイルのタイポを修正
2023-12-28 09:46:46 +01:00
MomentQYC
3f60d7c44b
Add a prompt for Tor Browser users (#12776)
* perf: Add a prompt for Tor Browser users

* typo
2023-12-28 09:46:46 +01:00
GrapeApple0
5e0eb76d3b
Revert "refactor: paginationの型を明示する (#12809)" (#12810)
This reverts commit 6855079811.
2023-12-28 09:46:20 +01:00
syuilo
08cd5ef8f5
🎨 2023-12-28 09:46:19 +01:00
Kagami Sascha Rosylight
544b8106b2
feat(backend/oauth): allow CORS for token endpoint (#12814)
* feat(backend/oauth): allow CORS for token endpoint

* no need to explicitly set origin to `*`

* Update CHANGELOG.md
2023-12-28 09:46:19 +01:00
Chocolate Pie
82822e29d9
Merge pull request from GHSA-7pxq-6xx9-xpgm
* fix: fix improper authorization when accessing with third-party application

* refactor: refactor type definitions

* fix: get rid of unnecessary access limitation

* enhance: サードパーティアプリケーションがWebsocket APIを使えるように

* fix: add missing parentheses

* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"

This reverts commit 5150053275.

* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする

* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加

* enhance(test): Websocket APIに対するテストも追加

* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合

* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正

* enhance(backend): Websocketの接続に最低限必要な権限を変更

* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように

* fix(backend): エンドポイントにアクセスするために必要な権限を変更

* fix(frontend/locale): Add missing type declaration

* chore: update `misskey-js/src/autogen`

---------

Co-authored-by: tamaina <tamaina@hotmail.co.jp>
2023-12-28 09:45:54 +01:00