aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2019-05-31Mastodon API: Fix lists leaking private postsrinpatch
Our previous list visibility resolver grabbed posts if either follower collection of the user in a list who is followed is in `to` or if follower collection of the user in a list was in `cc`. This not only missed unlisted posts but also lead to leaking private posts when `fix_explicit_addressing` mistakingly started putting follower collections to `cc` (also fixed in this MR). Reported by @kurisu@iscute.moe via a DM
2019-05-31Fix fix_explicit_addressing moving follower collection to cc and add tests ↵rinpatch
for it
2019-05-31Mastodon Conversation API: Don't return own account in 'accounts'.lain
2019-05-30Replace missing non-nullable Card attributes with empty stringsSergey Suprunenko
2019-05-30Merge branch 'use-pleroma-config' into 'develop'lambda
Use Pleroma.Config everywhere See merge request pleroma/pleroma!1214
2019-05-30Use Pleroma.Config everywhereEgor Kislitsyn
2019-05-29Revert "Merge branch 'feature/search-authenticated-only' into 'develop'"kaniini
This reverts merge request !1209
2019-05-29Default search limit should be 40Mark Felder
https://docs.joinmastodon.org/api/rest/search/
2019-05-29router: require oauth_read for searchingWilliam Pitcock
Search calls are generally expensive and allow unauthenticated users to crawl the instance for user profiles or posts which contain specified keywords. An adversary can build a distributed search engine which not only will consume significant instance resources, but also can be used for undesirable purposes such as datamining. Accordingly, require authenticated access to use the search API endpoints. This acts as a nice balance as it allows guest users to make use of most functionality available in Pleroma FE while ensuring that Pleroma instances are reasonably protected from resource exhaustion. It also removes Pleroma as a potential vector in distributed search engines.
2019-05-28Respect proxy settings federationjeff
2019-05-26Merge branch 'refactor/die-httpoison-die' into 'develop'lambda
remove @httpoison, @ostatus and @websub compile-time constants See merge request pleroma/pleroma!1203
2019-05-26mrf: simple policy: fix matching imported activitypub and ostatus statusesWilliam Pitcock
2019-05-26notification: remove local/remote match rules (too complicated)William Pitcock
2019-05-25user info: allow formdata for notification settings like every other APIWilliam Pitcock
2019-05-25twitter api: user view: expose user notification settings under pleroma objectWilliam Pitcock
2019-05-25notification: add non_follows/non_followers notification control settingsWilliam Pitcock
2019-05-25remove @websub and @ostatus module-level constantsWilliam Pitcock
2019-05-25kill @httpoisonWilliam Pitcock
2019-05-25Keep nodeinfo available when not federatingAaron Tinio
2019-05-24Mention all people in the beginning of DMSergey Suprunenko
2019-05-24Move the Cache Control header test to its own filefeld
We can consolidate our cache control header tests here
2019-05-23Change the order of preloading when fetching activities for contextrinpatch
2019-05-22Fix credo issuesrinpatch
2019-05-22mrf: simple policy: add the ability to strip avatars and banners from user ↵William Pitcock
profiles
2019-05-22activitypub: run user objects through MRF filtersWilliam Pitcock
2019-05-22mrf: defang policy modules for filtering user profile objectsWilliam Pitcock
2019-05-22Exclude Answers from fetching by defaultrinpatch
2019-05-22Normalize poll votes to Answer objectsrinpatch
2019-05-22Disable timeouts for object pruning queryrinpatch
2019-05-22[#699] add worker to clean expired oauth tokensMaksim
2019-05-22Merge branch 'feature/object-pruning' into 'develop'lambda
Object pruning See merge request pleroma/pleroma!1181
2019-05-22Merge branch 'refactor/keys' into 'develop'lambda
move key generation functions into Pleroma.Keys module See merge request pleroma/pleroma!1186
2019-05-22salmon: fix credoWilliam Pitcock
2019-05-22Merge branch 'bugfix/account_view_source.note' into 'develop'rinpatch
MastoAPI AccountView: fill source.note with plaintext version of note Closes #926 See merge request pleroma/pleroma!1189
2019-05-22MastoAPI AccountView: fill source.note with plaintext version of noteHaelwenn (lanodan) Monnier
Closes: https://git.pleroma.social/pleroma/pleroma/issues/926
2019-05-22Merge branch 'mongooseim-support' into 'develop'kaniini
MongooseIM: Add basic integration endpoints. See merge request pleroma/pleroma!1172
2019-05-22Merge branch 'fix/api-fallback' into 'develop'kaniini
Do not fallback to index.html for /api/* routes Closes #920 See merge request pleroma/pleroma!1182
2019-05-22Do not truncate DM when it contains newlines and safe_dm_mentions is set to trueSergey Suprunenko
2019-05-22move key generation functions into Pleroma.Keys moduleWilliam Pitcock
2019-05-22prune objects task: use Repo.delete_all()William Pitcock
2019-05-22Respond with a 404 Not implemented JSON error messageAaron Tinio
when requested API is not implemented
2019-05-21add mix task to prune the object database using a configured retention periodWilliam Pitcock
2019-05-21object: fetcher: add support for reinjecting pruned objectsWilliam Pitcock
2019-05-21object: add Object.prune()William Pitcock
2019-05-21MastoAPI: Add GET /api/v1/polls/:idrinpatch
2019-05-21Accept question objects for conversationsrinpatch
2019-05-21Accept strings in expires_in because sasuga javascriptrinpatch
2019-05-21Change validation error status codes to be more appropriaterinpatch
2019-05-21Do not stream out poll repliesrinpatch
2019-05-21Restrict poll replies when fetching activiites for contextrinpatch
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-22 23:12:39 +0000