From 90d516d42bd3d29e71e364535dd4208f8a54992a Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Tue, 15 Oct 2019 16:52:41 +0200 Subject: Store status data inside flag activity --- lib/pleroma/web/activity_pub/utils.ex | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 4ef479f96..57982eb4a 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -609,9 +609,33 @@ defmodule Pleroma.Web.ActivityPub.Utils do defp build_flag_object(%{account: account, statuses: statuses} = _) do [account.ap_id] ++ Enum.map(statuses || [], fn - %Activity{} = act -> act.data["id"] - act when is_map(act) -> act["id"] - act when is_binary(act) -> act + %Activity{} = act -> + obj = Object.get_by_ap_id(act.data["object"]) + + %{ + "type" => "Note", + "id" => act.data["id"], + "content" => obj.data["content"] + } + + act when is_map(act) -> + obj = Object.get_by_ap_id(act["object"]) + + %{ + "type" => "Note", + "id" => act["id"], + "content" => obj.data["content"] + } + + act + when is_binary(act) -> + activity = Activity.get_by_ap_id_with_object(act) + + %{ + "type" => "Note", + "id" => activity.data["id"], + "content" => activity.data["object"]["content"] + } end) end -- cgit v1.2.3 From b08b1d5d91968fbe94e20897ee3529216dd50a0a Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Wed, 23 Oct 2019 21:27:22 +0200 Subject: Store status data inside Flag activity --- lib/pleroma/web/activity_pub/utils.ex | 47 ++++++++++++++--------------------- lib/pleroma/web/admin_api/report.ex | 4 +-- 2 files changed, 21 insertions(+), 30 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 57982eb4a..c58ee7482 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -12,6 +12,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do alias Pleroma.User alias Pleroma.Web alias Pleroma.Web.ActivityPub.Visibility + alias Pleroma.Web.AdminAPI.AccountView alias Pleroma.Web.Endpoint alias Pleroma.Web.Router.Helpers @@ -608,34 +609,24 @@ defmodule Pleroma.Web.ActivityPub.Utils do defp build_flag_object(%{account: account, statuses: statuses} = _) do [account.ap_id] ++ - Enum.map(statuses || [], fn - %Activity{} = act -> - obj = Object.get_by_ap_id(act.data["object"]) - - %{ - "type" => "Note", - "id" => act.data["id"], - "content" => obj.data["content"] - } - - act when is_map(act) -> - obj = Object.get_by_ap_id(act["object"]) - - %{ - "type" => "Note", - "id" => act["id"], - "content" => obj.data["content"] - } - - act - when is_binary(act) -> - activity = Activity.get_by_ap_id_with_object(act) - - %{ - "type" => "Note", - "id" => activity.data["id"], - "content" => activity.data["object"]["content"] - } + Enum.map(statuses || [], fn act -> + id = + case act do + %Activity{} = act -> act.data["id"] + act when is_map(act) -> act["id"] + act when is_binary(act) -> act + end + + activity = Activity.get_by_ap_id_with_object(id) + actor = User.get_by_ap_id(activity.object.data["actor"]) + + %{ + "type" => "Note", + "id" => activity.data["id"], + "content" => activity.object.data["content"], + "published" => activity.object.data["published"], + "actor" => AccountView.render("show.json", %{user: actor}) + } end) end diff --git a/lib/pleroma/web/admin_api/report.ex b/lib/pleroma/web/admin_api/report.ex index c751dc2be..ccd56e15e 100644 --- a/lib/pleroma/web/admin_api/report.ex +++ b/lib/pleroma/web/admin_api/report.ex @@ -13,8 +13,8 @@ defmodule Pleroma.Web.AdminAPI.Report do account = User.get_cached_by_ap_id(account_ap_id) statuses = - Enum.map(status_ap_ids, fn ap_id -> - Activity.get_by_ap_id_with_object(ap_id) + Enum.map(status_ap_ids, fn act -> + Activity.get_by_ap_id_with_object(act["id"]) end) %{report: report, user: user, account: account, statuses: statuses} -- cgit v1.2.3 From 8eff05d4c62c4d3300fee173cad84f75a0aafb4d Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Sun, 27 Oct 2019 16:05:32 +0300 Subject: Strip status data from Flag (when federating or closing/resolving report) --- lib/pleroma/web/activity_pub/activity_pub.ex | 3 ++- lib/pleroma/web/activity_pub/utils.ex | 23 +++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 1d34c4d7e..4cdf4876e 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -491,7 +491,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do with flag_data <- make_flag_data(params, additional), {:ok, activity} <- insert(flag_data, local), - :ok <- maybe_federate(activity) do + {:ok, stripped_activity} <- strip_report_status_data(activity), + :ok <- maybe_federate(stripped_activity) do Enum.each(User.all_superusers(), fn superuser -> superuser |> Pleroma.Emails.AdminEmail.report(actor, account, statuses, content) diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index c58ee7482..520cc1b0c 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -22,6 +22,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do require Pleroma.Constants @supported_object_types ["Article", "Note", "Video", "Page", "Question", "Answer", "Audio"] + @strip_status_report_states ~w(closed resolved) @supported_report_states ~w(open closed resolved) @valid_visibilities ~w(public unlisted private direct) @@ -673,6 +674,20 @@ defmodule Pleroma.Web.ActivityPub.Utils do #### Report-related helpers + def update_report_state(%Activity{} = activity, state) + when state in @strip_status_report_states do + {:ok, stripped_activity} = strip_report_status_data(activity) + + new_data = + activity.data + |> Map.put("state", state) + |> Map.put("object", stripped_activity.data["object"]) + + activity + |> Changeset.change(data: new_data) + |> Repo.update() + end + def update_report_state(%Activity{} = activity, state) when state in @supported_report_states do new_data = Map.put(activity.data, "state", state) @@ -683,6 +698,14 @@ defmodule Pleroma.Web.ActivityPub.Utils do def update_report_state(_, _), do: {:error, "Unsupported state"} + def strip_report_status_data(activity) do + [actor | reported_activities] = activity.data["object"] + stripped_activities = Enum.map(reported_activities, & &1["id"]) + new_data = put_in(activity.data, ["object"], [actor | stripped_activities]) + + {:ok, %{activity | data: new_data}} + end + def update_activity_visibility(activity, visibility) when visibility in @valid_visibilities do [to, cc, recipients] = activity -- cgit v1.2.3 From d56bc622755ea0a858bf086bc1f525c1752e4db8 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Sun, 27 Oct 2019 16:33:58 +0300 Subject: Fix report parsing --- lib/pleroma/web/admin_api/report.ex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/report.ex b/lib/pleroma/web/admin_api/report.ex index ccd56e15e..9c3468570 100644 --- a/lib/pleroma/web/admin_api/report.ex +++ b/lib/pleroma/web/admin_api/report.ex @@ -13,8 +13,9 @@ defmodule Pleroma.Web.AdminAPI.Report do account = User.get_cached_by_ap_id(account_ap_id) statuses = - Enum.map(status_ap_ids, fn act -> - Activity.get_by_ap_id_with_object(act["id"]) + Enum.map(status_ap_ids, fn + act when is_map(act) -> Activity.get_by_ap_id_with_object(act["id"]) + act when is_binary(act) -> Activity.get_by_ap_id_with_object(act) end) %{report: report, user: user, account: account, statuses: statuses} -- cgit v1.2.3 From 08f68370659597d6bc428e425925bcb9516d5706 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Tue, 29 Oct 2019 01:18:08 +0300 Subject: Switch from HtmlSanitizeEx to FastSanitize --- lib/pleroma/html.ex | 135 ++++++++++++++++++++++++++-------------------------- 1 file changed, 68 insertions(+), 67 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 937bafed5..fd0495049 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -3,7 +3,6 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.HTML do - alias HtmlSanitizeEx.Scrubber defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber] defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers @@ -24,9 +23,13 @@ defmodule Pleroma.HTML do end) end - def filter_tags(html, scrubber), do: Scrubber.scrub(html, scrubber) + def filter_tags(html, scrubber) do + {:ok, content} = FastSanitize.Sanitizer.scrub(html, scrubber) + content + end + def filter_tags(html), do: filter_tags(html, nil) - def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags) + def strip_tags(html), do: filter_tags(html, FastSanitize.Sanitizer.StripTags) def get_cached_scrubbed_html_for_activity( content, @@ -36,7 +39,6 @@ defmodule Pleroma.HTML do callback \\ fn x -> x end ) do key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}" - Cachex.fetch!(:scrubber_cache, key, fn _key -> object = Pleroma.Object.normalize(activity) ensure_scrubbed_html(content, scrubbers, object.data["fake"] || false, callback) @@ -46,7 +48,7 @@ defmodule Pleroma.HTML do def get_cached_stripped_html_for_activity(content, activity, key) do get_cached_scrubbed_html_for_activity( content, - HtmlSanitizeEx.Scrubber.StripTags, + FastSanitize.Sanitizer.StripTags, activity, key, &HtmlEntities.decode/1 @@ -109,13 +111,12 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta - Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() # links - Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes) + Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes) - Meta.allow_tag_with_this_attribute_values("a", "class", [ + Meta.allow_tag_with_this_attribute_values(:a, "class", [ "hashtag", "u-url", "mention", @@ -123,29 +124,29 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do "mention u-url" ]) - Meta.allow_tag_with_this_attribute_values("a", "rel", [ + Meta.allow_tag_with_this_attribute_values(:a, "rel", [ "tag", "nofollow", "noopener", "noreferrer" ]) - Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + Meta.allow_tag_with_these_attributes(:a, ["name", "title"]) # paragraphs and linebreaks - Meta.allow_tag_with_these_attributes("br", []) - Meta.allow_tag_with_these_attributes("p", []) + Meta.allow_tag_with_these_attributes(:br, []) + Meta.allow_tag_with_these_attributes(:p, []) # microformats - Meta.allow_tag_with_this_attribute_values("span", "class", ["h-card"]) - Meta.allow_tag_with_these_attributes("span", []) + Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"]) + Meta.allow_tag_with_these_attributes(:span, []) # allow inline images for custom emoji if Pleroma.Config.get([:markup, :allow_inline_images]) do # restrict img tags to http/https only, because of MediaProxy. - Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"]) + Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"]) - Meta.allow_tag_with_these_attributes("img", [ + Meta.allow_tag_with_these_attributes(:img, [ "width", "height", "class", @@ -160,19 +161,19 @@ end defmodule Pleroma.HTML.Scrubber.Default do @doc "The default HTML scrubbing policy: no " - require HtmlSanitizeEx.Scrubber.Meta - alias HtmlSanitizeEx.Scrubber.Meta + require FastSanitize.Sanitizer.Meta + alias FastSanitize.Sanitizer.Meta # credo:disable-for-previous-line # No idea how to fix this oneā€¦ @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], []) - Meta.remove_cdata_sections_before_scrub() +# Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() - Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes) + Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes) - Meta.allow_tag_with_this_attribute_values("a", "class", [ + Meta.allow_tag_with_this_attribute_values(:a, "class", [ "hashtag", "u-url", "mention", @@ -180,7 +181,7 @@ defmodule Pleroma.HTML.Scrubber.Default do "mention u-url" ]) - Meta.allow_tag_with_this_attribute_values("a", "rel", [ + Meta.allow_tag_with_this_attribute_values(:a, "rel", [ "tag", "nofollow", "noopener", @@ -188,37 +189,37 @@ defmodule Pleroma.HTML.Scrubber.Default do "ugc" ]) - Meta.allow_tag_with_these_attributes("a", ["name", "title"]) - - Meta.allow_tag_with_these_attributes("abbr", ["title"]) - - Meta.allow_tag_with_these_attributes("b", []) - Meta.allow_tag_with_these_attributes("blockquote", []) - Meta.allow_tag_with_these_attributes("br", []) - Meta.allow_tag_with_these_attributes("code", []) - Meta.allow_tag_with_these_attributes("del", []) - Meta.allow_tag_with_these_attributes("em", []) - Meta.allow_tag_with_these_attributes("i", []) - Meta.allow_tag_with_these_attributes("li", []) - Meta.allow_tag_with_these_attributes("ol", []) - Meta.allow_tag_with_these_attributes("p", []) - Meta.allow_tag_with_these_attributes("pre", []) - Meta.allow_tag_with_these_attributes("strong", []) - Meta.allow_tag_with_these_attributes("sub", []) - Meta.allow_tag_with_these_attributes("sup", []) - Meta.allow_tag_with_these_attributes("u", []) - Meta.allow_tag_with_these_attributes("ul", []) - - Meta.allow_tag_with_this_attribute_values("span", "class", ["h-card"]) - Meta.allow_tag_with_these_attributes("span", []) + Meta.allow_tag_with_these_attributes(:a, ["name", "title"]) + + Meta.allow_tag_with_these_attributes(:abbr, ["title"]) + + Meta.allow_tag_with_these_attributes(:b, []) + Meta.allow_tag_with_these_attributes(:blockquote, []) + Meta.allow_tag_with_these_attributes(:br, []) + Meta.allow_tag_with_these_attributes(:code, []) + Meta.allow_tag_with_these_attributes(:del, []) + Meta.allow_tag_with_these_attributes(:em, []) + Meta.allow_tag_with_these_attributes(:i, []) + Meta.allow_tag_with_these_attributes(:li, []) + Meta.allow_tag_with_these_attributes(:ol, []) + Meta.allow_tag_with_these_attributes(:p, []) + Meta.allow_tag_with_these_attributes(:pre, []) + Meta.allow_tag_with_these_attributes(:strong, []) + Meta.allow_tag_with_these_attributes(:sub, []) + Meta.allow_tag_with_these_attributes(:sup, []) + Meta.allow_tag_with_these_attributes(:u, []) + Meta.allow_tag_with_these_attributes(:ul, []) + + Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"]) + Meta.allow_tag_with_these_attributes(:span, []) @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images]) if @allow_inline_images do # restrict img tags to http/https only, because of MediaProxy. - Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"]) + Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"]) - Meta.allow_tag_with_these_attributes("img", [ + Meta.allow_tag_with_these_attributes(:img, [ "width", "height", "class", @@ -228,24 +229,24 @@ defmodule Pleroma.HTML.Scrubber.Default do end if Pleroma.Config.get([:markup, :allow_tables]) do - Meta.allow_tag_with_these_attributes("table", []) - Meta.allow_tag_with_these_attributes("tbody", []) - Meta.allow_tag_with_these_attributes("td", []) - Meta.allow_tag_with_these_attributes("th", []) - Meta.allow_tag_with_these_attributes("thead", []) - Meta.allow_tag_with_these_attributes("tr", []) + Meta.allow_tag_with_these_attributes(:table, []) + Meta.allow_tag_with_these_attributes(:tbody, []) + Meta.allow_tag_with_these_attributes(:td, []) + Meta.allow_tag_with_these_attributes(:th, []) + Meta.allow_tag_with_these_attributes(:thead, []) + Meta.allow_tag_with_these_attributes(:tr, []) end if Pleroma.Config.get([:markup, :allow_headings]) do - Meta.allow_tag_with_these_attributes("h1", []) - Meta.allow_tag_with_these_attributes("h2", []) - Meta.allow_tag_with_these_attributes("h3", []) - Meta.allow_tag_with_these_attributes("h4", []) - Meta.allow_tag_with_these_attributes("h5", []) + Meta.allow_tag_with_these_attributes(:h1, []) + Meta.allow_tag_with_these_attributes(:h2, []) + Meta.allow_tag_with_these_attributes(:h3, []) + Meta.allow_tag_with_these_attributes(:h4, []) + Meta.allow_tag_with_these_attributes(:h5, []) end if Pleroma.Config.get([:markup, :allow_fonts]) do - Meta.allow_tag_with_these_attributes("font", ["face"]) + Meta.allow_tag_with_these_attributes(:font, ["face"]) end Meta.strip_everything_not_covered() @@ -258,7 +259,7 @@ defmodule Pleroma.HTML.Transform.MediaProxy do def before_scrub(html), do: html - def scrub_attribute("img", {"src", "http" <> target}) do + def scrub_attribute(:img, {"src", "http" <> target}) do media_url = ("http" <> target) |> MediaProxy.url() @@ -268,16 +269,16 @@ defmodule Pleroma.HTML.Transform.MediaProxy do def scrub_attribute(_tag, attribute), do: attribute - def scrub({"img", attributes, children}) do + def scrub({:img, attributes, children}) do attributes = attributes - |> Enum.map(fn attr -> scrub_attribute("img", attr) end) + |> Enum.map(fn attr -> scrub_attribute(:img, attr) end) |> Enum.reject(&is_nil(&1)) - {"img", attributes, children} + {:img, attributes, children} end - def scrub({:comment, _children}), do: "" + def scrub({:comment, _text, _children}), do: "" def scrub({tag, attributes, children}), do: {tag, attributes, children} def scrub({_tag, children}), do: children @@ -298,9 +299,9 @@ defmodule Pleroma.HTML.Scrubber.LinksOnly do Meta.strip_comments() # links - Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_uri_attributes(:a, ["href"], @valid_schemes) - Meta.allow_tag_with_this_attribute_values("a", "rel", [ + Meta.allow_tag_with_this_attribute_values(:a, "rel", [ "tag", "nofollow", "noopener", @@ -309,6 +310,6 @@ defmodule Pleroma.HTML.Scrubber.LinksOnly do "ugc" ]) - Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + Meta.allow_tag_with_these_attributes(:a, ["name", "title"]) Meta.strip_everything_not_covered() end -- cgit v1.2.3 From 77cfb08b8c4c07406af8b338ce010307f6af75cb Mon Sep 17 00:00:00 2001 From: rinpatch Date: Tue, 29 Oct 2019 20:58:54 +0300 Subject: Remove commented-out code --- lib/pleroma/html.ex | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index fd0495049..294bc75f9 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -3,7 +3,6 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.HTML do - defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber] defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default] @@ -39,6 +38,7 @@ defmodule Pleroma.HTML do callback \\ fn x -> x end ) do key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}" + Cachex.fetch!(:scrubber_cache, key, fn _key -> object = Pleroma.Object.normalize(activity) ensure_scrubbed_html(content, scrubbers, object.data["fake"] || false, callback) @@ -168,7 +168,6 @@ defmodule Pleroma.HTML.Scrubber.Default do @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], []) -# Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() Meta.allow_tag_with_uri_attributes(:a, ["href", "data-user", "data-tag"], @valid_schemes) -- cgit v1.2.3 From ae59b38203b5358ddbf7f2cc5e2cbc816d171452 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 30 Oct 2019 09:20:13 +0300 Subject: Rip out the rest of htmlsanitizeex --- lib/pleroma/bbs/handler.ex | 3 ++- lib/pleroma/html.ex | 9 ++++----- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex index fa838a4e4..386afee89 100644 --- a/lib/pleroma/bbs/handler.ex +++ b/lib/pleroma/bbs/handler.ex @@ -5,6 +5,7 @@ defmodule Pleroma.BBS.Handler do use Sshd.ShellHandler alias Pleroma.Activity + alias Pleroma.HTML alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.CommonAPI @@ -44,7 +45,7 @@ defmodule Pleroma.BBS.Handler do def puts_activity(activity) do status = Pleroma.Web.MastodonAPI.StatusView.render("show.json", %{activity: activity}) IO.puts("-- #{status.id} by #{status.account.display_name} (#{status.account.acct})") - IO.puts(HtmlSanitizeEx.strip_tags(status.content)) + IO.puts(HTML.strip_tags(status.content)) IO.puts("") end diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 294bc75f9..997e965f0 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -108,8 +108,8 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], []) - require HtmlSanitizeEx.Scrubber.Meta - alias HtmlSanitizeEx.Scrubber.Meta + require FastSanitize.Sanitizer.Meta + alias FastSanitize.Sanitizer.Meta Meta.strip_comments() @@ -291,10 +291,9 @@ defmodule Pleroma.HTML.Scrubber.LinksOnly do @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], []) - require HtmlSanitizeEx.Scrubber.Meta - alias HtmlSanitizeEx.Scrubber.Meta + require FastSanitize.Sanitizer.Meta + alias FastSanitize.Sanitizer.Meta - Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() # links -- cgit v1.2.3 From 363e76d4dac290f5f5081e95ad40f496ee81c1e5 Mon Sep 17 00:00:00 2001 From: kPherox Date: Wed, 30 Oct 2019 15:40:25 +0900 Subject: Fix duplicate recipients --- lib/pleroma/user/query.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/user/query.ex b/lib/pleroma/user/query.ex index 2eda454bc..364bc1c89 100644 --- a/lib/pleroma/user/query.ex +++ b/lib/pleroma/user/query.ex @@ -175,6 +175,7 @@ defmodule Pleroma.User.Query do [u, following: f, relationships: r], u.ap_id in ^to or (f.follower_address in ^to and r.state == "accept") ) + |> distinct(true) end defp compose_query({:order_by, key}, query) do -- cgit v1.2.3 From 59a149c69a9a6726c7687ba233564936e47fc199 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Thu, 31 Oct 2019 02:25:15 +0300 Subject: Fix "the call ... will never return" warning --- lib/pleroma/web/admin_api/search.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/search.ex b/lib/pleroma/web/admin_api/search.ex index ed919833e..778cf4c36 100644 --- a/lib/pleroma/web/admin_api/search.ex +++ b/lib/pleroma/web/admin_api/search.ex @@ -18,7 +18,11 @@ defmodule Pleroma.Web.AdminAPI.Search do @spec user(map()) :: {:ok, [User.t()], pos_integer()} def user(params \\ %{}) do - query = User.Query.build(params) |> order_by([u], u.nickname) + query = + params + |> Map.drop([:page, :page_size]) + |> User.Query.build() + |> order_by([u], u.nickname) paginated_query = User.Query.paginate(query, params[:page] || 1, params[:page_size] || @page_size) -- cgit v1.2.3 From 6f9d3d30faece1432068a421fd74d68d93e1d313 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Thu, 31 Oct 2019 02:26:02 +0300 Subject: AdminAPI: Omit relay user from users list --- lib/pleroma/web/activity_pub/relay.ex | 6 +++++- lib/pleroma/web/admin_api/admin_api_controller.ex | 9 ++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index f90d75a8a..fc2619680 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -11,13 +11,17 @@ defmodule Pleroma.Web.ActivityPub.Relay do def get_actor do actor = - "#{Pleroma.Web.Endpoint.url()}/relay" + relay_ap_id() |> User.get_or_create_service_actor_by_ap_id() {:ok, actor} = User.set_invisible(actor, true) actor end + def relay_ap_id do + "#{Pleroma.Web.Endpoint.url()}/relay" + end + @spec follow(String.t()) :: {:ok, Activity.t()} | {:error, any()} def follow(target_instance) do with %User{} = local_user <- get_actor(), diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 7ffbb23e7..4533d0114 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -333,7 +333,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do email: params["email"] } - with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)), + with {:ok, users, _count} <- Search.user(Map.merge(search_params, filters)), + {:ok, users, count} <- filter_relay_user(users), do: conn |> json( @@ -345,6 +346,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do ) end + defp filter_relay_user(users) do + filtered_users = Enum.reject(users, &(&1.ap_id == Relay.relay_ap_id())) + + {:ok, filtered_users, length(filtered_users)} + end + @filters ~w(local external active deactivated is_admin is_moderator) @spec maybe_parse_filters(String.t()) :: %{required(String.t()) => true} | %{} -- cgit v1.2.3 From ced9f923270e6b30c4b19a83a8f37516c0e49cf6 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Thu, 31 Oct 2019 15:34:49 +0300 Subject: Fix count --- lib/pleroma/web/admin_api/admin_api_controller.ex | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 4533d0114..b47618bde 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -333,8 +333,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do email: params["email"] } - with {:ok, users, _count} <- Search.user(Map.merge(search_params, filters)), - {:ok, users, count} <- filter_relay_user(users), + with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)), + {:ok, users, count} <- filter_relay_user(users, count), do: conn |> json( @@ -346,10 +346,15 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do ) end - defp filter_relay_user(users) do - filtered_users = Enum.reject(users, &(&1.ap_id == Relay.relay_ap_id())) + defp filter_relay_user(users, count) do + filtered_users = Enum.reject(users, &relay_user?/1) + count = if Enum.any?(users, &relay_user?/1), do: length(filtered_users), else: count - {:ok, filtered_users, length(filtered_users)} + {:ok, filtered_users, count} + end + + defp relay_user?(user) do + user.ap_id == Relay.relay_ap_id() end @filters ~w(local external active deactivated is_admin is_moderator) -- cgit v1.2.3 From d75934b0d024296654a7eec74abcd65832b6b96b Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Fri, 1 Nov 2019 15:14:43 +0300 Subject: Undo dialyzer fix --- lib/pleroma/web/admin_api/search.ex | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/search.ex b/lib/pleroma/web/admin_api/search.ex index 778cf4c36..ed919833e 100644 --- a/lib/pleroma/web/admin_api/search.ex +++ b/lib/pleroma/web/admin_api/search.ex @@ -18,11 +18,7 @@ defmodule Pleroma.Web.AdminAPI.Search do @spec user(map()) :: {:ok, [User.t()], pos_integer()} def user(params \\ %{}) do - query = - params - |> Map.drop([:page, :page_size]) - |> User.Query.build() - |> order_by([u], u.nickname) + query = User.Query.build(params) |> order_by([u], u.nickname) paginated_query = User.Query.paginate(query, params[:page] || 1, params[:page_size] || @page_size) -- cgit v1.2.3 From 1b83a0694a19e279d155dde2c915df3583f12170 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Fri, 1 Nov 2019 19:13:29 +0300 Subject: Fix moderation log crash --- lib/pleroma/moderation_log.ex | 76 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/moderation_log.ex b/lib/pleroma/moderation_log.ex index e8884e6e8..9dc4a94c9 100644 --- a/lib/pleroma/moderation_log.ex +++ b/lib/pleroma/moderation_log.ex @@ -369,6 +369,24 @@ defmodule Pleroma.ModerationLog do "@#{actor_nickname} created users: #{users_to_nicknames_string(subjects)}" end + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "activate", + "subject" => user + } + }) + when is_map(user) do + get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "activate", + "subject" => [user] + } + }) + end + @spec get_log_entry_message(ModerationLog) :: String.t() def get_log_entry_message(%ModerationLog{ data: %{ @@ -380,6 +398,24 @@ defmodule Pleroma.ModerationLog do "@#{actor_nickname} activated users: #{users_to_nicknames_string(users)}" end + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "deactivate", + "subject" => user + } + }) + when is_map(user) do + get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "deactivate", + "subject" => [user] + } + }) + end + @spec get_log_entry_message(ModerationLog) :: String.t() def get_log_entry_message(%ModerationLog{ data: %{ @@ -419,6 +455,26 @@ defmodule Pleroma.ModerationLog do "@#{actor_nickname} removed tags: #{tags_string} from users: #{nicknames_to_string(nicknames)}" end + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "grant", + "subject" => user, + "permission" => permission + } + }) + when is_map(user) do + get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "grant", + "subject" => [user], + "permission" => permission + } + }) + end + @spec get_log_entry_message(ModerationLog) :: String.t() def get_log_entry_message(%ModerationLog{ data: %{ @@ -431,6 +487,26 @@ defmodule Pleroma.ModerationLog do "@#{actor_nickname} made #{users_to_nicknames_string(users)} #{permission}" end + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "revoke", + "subject" => user, + "permission" => permission + } + }) + when is_map(user) do + get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "revoke", + "subject" => [user], + "permission" => permission + } + }) + end + @spec get_log_entry_message(ModerationLog) :: String.t() def get_log_entry_message(%ModerationLog{ data: %{ -- cgit v1.2.3 From 4bf942583fdae27813f4af1f901c78eaff391b76 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 3 Nov 2019 09:05:12 -0600 Subject: streamer: use direct object for filter checks when there is no valid child object in an activity We call Object.normalize/1 to get the child object for situations like Announce. However, the check is flawed and immediately fails if Object.normalize/1 fails. Instead, we should use the activity itself in those cases to allow activities which never have a child object to pass through the filter. Closes #1291 --- lib/pleroma/web/streamer/worker.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/streamer/worker.ex b/lib/pleroma/web/streamer/worker.ex index c2ee9e1f5..33b24840d 100644 --- a/lib/pleroma/web/streamer/worker.ex +++ b/lib/pleroma/web/streamer/worker.ex @@ -136,7 +136,7 @@ defmodule Pleroma.Web.Streamer.Worker do recipients = MapSet.new(item.recipients) domain_blocks = Pleroma.Web.ActivityPub.MRF.subdomains_regex(user.domain_blocks) - with parent when not is_nil(parent) <- Object.normalize(item), + with parent <- Object.normalize(item) || item, true <- Enum.all?([blocks, mutes, reblog_mutes], &(item.actor not in &1)), true <- Enum.all?([blocks, mutes], &(parent.data["actor"] not in &1)), true <- MapSet.disjoint?(recipients, recipient_blocks), -- cgit v1.2.3 From 0c3125861619f164015ee0cf0bdf293d49804926 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 4 Nov 2019 14:36:54 +0100 Subject: User: Don't pull remote users follower count immediately after deactivating. The other instance doesn't necessarily know that anything changed yet, and it will be fixed up at the next user pull anyway. Closes #1369 --- lib/pleroma/user.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 40171620e..f8c2db1e1 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1095,7 +1095,12 @@ defmodule Pleroma.User do def deactivate(%User{} = user, status) do with {:ok, user} <- set_activation_status(user, status) do Enum.each(get_followers(user), &invalidate_cache/1) - Enum.each(get_friends(user), &update_follower_count/1) + + # Only update local user counts, remote will be update during the next pull. + user + |> get_friends() + |> Enum.filter(& &1.local) + |> Enum.each(&update_follower_count/1) {:ok, user} end -- cgit v1.2.3 From 5271bbcf11d7182c25c8ca06460823e00920e80d Mon Sep 17 00:00:00 2001 From: Steven Fuchs Date: Mon, 4 Nov 2019 15:18:32 +0000 Subject: add missing tesla mocks --- lib/pleroma/web/rel_me.ex | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/rel_me.ex b/lib/pleroma/web/rel_me.ex index d376e2069..16b1a53d2 100644 --- a/lib/pleroma/web/rel_me.ex +++ b/lib/pleroma/web/rel_me.ex @@ -25,13 +25,13 @@ defmodule Pleroma.Web.RelMe do def parse(_), do: {:error, "No URL provided"} defp parse_url(url) do - {:ok, %Tesla.Env{body: html}} = Pleroma.HTTP.get(url, [], adapter: @hackney_options) - - data = - Floki.attribute(html, "link[rel~=me]", "href") ++ - Floki.attribute(html, "a[rel~=me]", "href") - - {:ok, data} + with {:ok, %Tesla.Env{body: html, status: status}} when status in 200..299 <- + Pleroma.HTTP.get(url, [], adapter: @hackney_options), + data <- + Floki.attribute(html, "link[rel~=me]", "href") ++ + Floki.attribute(html, "a[rel~=me]", "href") do + {:ok, data} + end rescue e -> {:error, "Parsing error: #{inspect(e)}"} end -- cgit v1.2.3 From ed29be24cbdc029614557a5289a9b8c8facddf8e Mon Sep 17 00:00:00 2001 From: eugenijm Date: Thu, 31 Oct 2019 03:44:27 +0300 Subject: Mastodon API, streaming: Add `pleroma.direct_conversation_id` to the `conversation` stream event payload. --- lib/pleroma/web/mastodon_api/views/conversation_view.ex | 6 +++++- lib/pleroma/web/mastodon_api/views/status_view.ex | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/conversation_view.ex b/lib/pleroma/web/mastodon_api/views/conversation_view.ex index e9d2735b3..c5998e661 100644 --- a/lib/pleroma/web/mastodon_api/views/conversation_view.ex +++ b/lib/pleroma/web/mastodon_api/views/conversation_view.ex @@ -34,7 +34,11 @@ defmodule Pleroma.Web.MastodonAPI.ConversationView do id: participation.id |> to_string(), accounts: render(AccountView, "index.json", users: users, as: :user), unread: !participation.read, - last_status: render(StatusView, "show.json", activity: activity, for: user) + last_status: + render(StatusView, "show.json", + activity: activity, + direct_conversation_id: participation.id + ) } end end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index b785ca9d4..baff54151 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -243,7 +243,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do end direct_conversation_id = - with {_, true} <- {:include_id, opts[:with_direct_conversation_id]}, + with {_, nil} <- {:direct_conversation_id, opts[:direct_conversation_id]}, + {_, true} <- {:include_id, opts[:with_direct_conversation_id]}, {_, %User{} = for_user} <- {:for_user, opts[:for]}, %{data: %{"context" => context}} when is_binary(context) <- activity, %Conversation{} = conversation <- Conversation.get_for_ap_id(context), @@ -251,6 +252,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do Participation.for_user_and_conversation(for_user, conversation) do participation_id else + {:direct_conversation_id, participation_id} when is_integer(participation_id) -> + participation_id + _e -> nil end -- cgit v1.2.3 From 4e535209172bb5460353fe011c06d127cfaa5847 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 4 Nov 2019 16:57:41 +0100 Subject: User Search: Remove superfluous setweight and random test. The test tested for a behavior that isn't actually enforced anymore. --- lib/pleroma/user/search.ex | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user/search.ex b/lib/pleroma/user/search.ex index bab8d92e2..09664db76 100644 --- a/lib/pleroma/user/search.ex +++ b/lib/pleroma/user/search.ex @@ -54,15 +54,7 @@ defmodule Pleroma.User.Search do |> maybe_restrict_local(for_user) end - @nickname_regex ~r/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~\-@]+$/ defp fts_search(query, query_string) do - {nickname_weight, name_weight} = - if String.match?(query_string, @nickname_regex) do - {"A", "B"} - else - {"B", "A"} - end - query_string = to_tsquery(query_string) from( @@ -70,12 +62,10 @@ defmodule Pleroma.User.Search do where: fragment( """ - (setweight(to_tsvector('simple', ?), ?) || setweight(to_tsvector('simple', ?), ?)) @@ to_tsquery('simple', ?) + (to_tsvector('simple', ?) || to_tsvector('simple', ?)) @@ to_tsquery('simple', ?) """, u.name, - ^name_weight, u.nickname, - ^nickname_weight, ^query_string ) ) -- cgit v1.2.3