Merge remote-tracking branch 'tootsuite/master' into merge-upstream

Conflicts: Gemfile config/locales/simple_form.pl.yml
2018-02-17 00:02:37 -06:00
parent e9052ceaaf c770b503c0
commit 3d033a4687
23 changed files with 353 additions and 145 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -7,7 +7,7 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 143,
+      "line": 147,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).inbox_url, Account.find(params[:id]).inbox_url)",
      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -26,7 +26,7 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 149,
+      "line": 153,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).shared_inbox_url, Account.find(params[:id]).shared_inbox_url)",
      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -45,7 +45,7 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 54,
+      "line": 57,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).url, Account.find(params[:id]).url)",
      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -67,7 +67,7 @@
      "line": 3,
      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
      "code": "render(action => \"stream_entries/#{Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase}\", { Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase.to_sym => Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity, :centered => true })",
-      "render_path": [{"type":"controller","class":"StatusesController","method":"embed","line":41,"file":"app/controllers/statuses_controller.rb"}],
+      "render_path": [{"type":"controller","class":"StatusesController","method":"embed","line":45,"file":"app/controllers/statuses_controller.rb"}],
      "location": {
        "type": "template",
        "template": "stream_entries/embed"
@ -102,7 +102,7 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 152,
+      "line": 156,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).followers_url, Account.find(params[:id]).followers_url)",
      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -121,7 +121,7 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 127,
+      "line": 130,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).salmon_url, Account.find(params[:id]).salmon_url)",
      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -140,10 +140,10 @@
      "check_name": "Render",
      "message": "Render path contains parameter value",
      "file": "app/views/admin/custom_emojis/index.html.haml",
-      "line": 31,
+      "line": 45,
      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
      "code": "render(action => filtered_custom_emojis.eager_load(:local_counterpart).page(params[:page]), {})",
-      "render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":10,"file":"app/controllers/admin/custom_emojis_controller.rb"}],
+      "render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":11,"file":"app/controllers/admin/custom_emojis_controller.rb"}],
      "location": {
        "type": "template",
        "template": "admin/custom_emojis/index"
@ -179,7 +179,7 @@
      "check_name": "Render",
      "message": "Render path contains parameter value",
      "file": "app/views/admin/accounts/index.html.haml",
-      "line": 64,
+      "line": 67,
      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
      "code": "render(action => filtered_accounts.page(params[:page]), {})",
      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"index","line":12,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -191,6 +191,45 @@
      "confidence": "Weak",
      "note": ""
    },
+    {
+      "warning_type": "Cross-Site Request Forgery",
+      "warning_code": 7,
+      "fingerprint": "ab491f72606337a348482d006eb67a3b1616685fd48644d5ac909bbcd62a5000",
+      "check_name": "ForgerySetting",
+      "message": "'protect_from_forgery' should be called in WellKnown::HostMetaController",
+      "file": "app/controllers/well_known/host_meta_controller.rb",
+      "line": 4,
+      "link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
+      "code": null,
+      "render_path": null,
+      "location": {
+        "type": "controller",
+        "controller": "WellKnown::HostMetaController"
+      },
+      "user_input": null,
+      "confidence": "High",
+      "note": ""
+    },
+    {
+      "warning_type": "Redirect",
+      "warning_code": 18,
+      "fingerprint": "ba699ddcc6552c422c4ecd50d2cd217f616a2446659e185a50b05a0f2dad8d33",
+      "check_name": "Redirect",
+      "message": "Possible unprotected redirect",
+      "file": "app/controllers/media_controller.rb",
+      "line": 10,
+      "link": "http://brakemanscanner.org/docs/warning_types/redirect/",
+      "code": "redirect_to(MediaAttachment.attached.find_by!(:shortcode => ((params[:id] or params[:medium_id]))).file.url(:original))",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "MediaController",
+        "method": "show"
+      },
+      "user_input": "MediaAttachment.attached.find_by!(:shortcode => ((params[:id] or params[:medium_id]))).file.url(:original)",
+      "confidence": "High",
+      "note": ""
+    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 4,
@ -198,7 +237,7 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 116,
+      "line": 119,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).remote_url, Account.find(params[:id]).remote_url)",
      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -249,6 +288,25 @@
      "confidence": "Weak",
      "note": ""
    },
+    {
+      "warning_type": "Cross-Site Request Forgery",
+      "warning_code": 7,
+      "fingerprint": "d4278f04e807ec58a23925f8ab31fad5e84692f2fb9f2f57e7931aff05d57cf8",
+      "check_name": "ForgerySetting",
+      "message": "'protect_from_forgery' should be called in WellKnown::WebfingerController",
+      "file": "app/controllers/well_known/webfinger_controller.rb",
+      "line": 4,
+      "link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
+      "code": null,
+      "render_path": null,
+      "location": {
+        "type": "controller",
+        "controller": "WellKnown::WebfingerController"
+      },
+      "user_input": null,
+      "confidence": "High",
+      "note": ""
+    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 4,
@ -256,7 +314,7 @@
      "check_name": "LinkToHref",
      "message": "Potentially unsafe model attribute in link_to href",
      "file": "app/views/admin/accounts/show.html.haml",
-      "line": 146,
+      "line": 150,
      "link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
      "code": "link_to(Account.find(params[:id]).outbox_url, Account.find(params[:id]).outbox_url)",
      "render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -275,10 +333,10 @@
      "check_name": "Render",
      "message": "Render path contains parameter value",
      "file": "app/views/stream_entries/show.html.haml",
-      "line": 21,
+      "line": 24,
      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
      "code": "render(partial => \"stream_entries/#{Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase}\", { :locals => ({ Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase.to_sym => Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity, :include_threads => true }) })",
-      "render_path": [{"type":"controller","class":"StatusesController","method":"show","line":20,"file":"app/controllers/statuses_controller.rb"}],
+      "render_path": [{"type":"controller","class":"StatusesController","method":"show","line":22,"file":"app/controllers/statuses_controller.rb"}],
      "location": {
        "type": "template",
        "template": "stream_entries/show"
@ -288,6 +346,6 @@
      "note": ""
    }
  ],
-  "updated": "2017-11-19 20:34:18 +0100",
+  "updated": "2018-02-16 06:42:53 +0100",
  "brakeman_version": "4.0.1"
 }
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
@ -551,7 +551,7 @@ ca:
    reblog:
      title: "%{name} t'ha retootejat"
  remote_follow:
-    acct: Escriu l'usuari@domini de la persona que vols seguir
+    acct: Escriu el teu usuari@domini des del qual vols seguir
    missing_resource: No s'ha pogut trobar la URL de redirecció necessaria per al compte
    proceed: Comença a seguir
    prompt: 'Seguiràs a:'
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@ -551,7 +551,7 @@ es:
    reblog:
      title: "%{name} boosteó tu estado"
  remote_follow:
-    acct: Ingesa el usuario@dominio de la persona que quieres seguir
+    acct: Ingesa tu usuario@dominio desde el que quieres seguir
    missing_resource: No se pudo encontrar la URL de redirección requerida para tu cuenta
    proceed: Proceder a seguir
    prompt: 'Vas a seguir a:'
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
@ -359,6 +359,7 @@ pl:
  auth:
    agreement_html: Rejestrując się, oświadczasz, że zapoznałeś się z <a href="%{rules_path}">informacjami o instancji</a> i <a href="%{terms_path}">zasadami korzystania z usługi</a>.
    change_password: Bezpieczeństwo
+    confirm_email: Potwierdź adres e-mail
    delete_account: Usunięcie konta
    delete_account_html: Jeżeli chcesz usunąć konto, <a href="%{path}">przejdź tutaj</a>. Otrzymasz prośbę o potwierdzenie.
    didnt_get_confirmation: Nie otrzymałeś instrukcji weryfikacji?
@ -368,6 +369,10 @@ pl:
    logout: Wyloguj się
    migrate_account: Przenieś konto
    migrate_account_html: Jeżeli chcesz skonfigurować przekierowanie z obecnego konta na inne, możesz <a href="%{path}">skonfigurować to tutaj</a>.
+    or_log_in_with: Lub zaloguj się używając
+    providers:
+      cas: CAS
+      saml: SAML
    register: Rejestracja
    resend_confirmation: Ponownie prześlij instrukcje weryfikacji
    reset_password: Zresetuj hasło
--- a/config/locales/simple_form.pl.yml
+++ b/config/locales/simple_form.pl.yml
@ -49,6 +49,7 @@ pl:
        setting_default_privacy: Widoczność wpisów
        setting_default_sensitive: Zawsze oznaczaj zawartość multimedialną jako wrażliwą
        setting_delete_modal: Pytaj o potwierdzenie przed usunięciem wpisu
+        setting_display_sensitive_media: Zawsze oznaczaj zawartość multimedialną jako wrażliwą
        setting_favourite_modal: Pytaj o potwierdzenie przed dodaniem do ulubionych
        setting_noindex: Nie indeksuj mojego profilu w wyszukiwarkach internetowych
        setting_reduce_motion: Ogranicz ruch w animacjach
@ -58,6 +59,7 @@ pl:
        severity: Priorytet
        type: Typ importu
        username: Nazwa użytkownika
+        username_or_email: Nazwa użytkownika lub adres e-mail
      interactions:
        must_be_follower: Nie wyświetlaj powiadomień od osób, które Cię nie śledzą
        must_be_following: Nie wyświetlaj powiadomień od osób, których nie śledzisz
--- a/config/routes.rb
+++ b/config/routes.rb
@ -112,7 +112,10 @@ Rails.application.routes.draw do
    resources :sessions, only: [:destroy]
  end

-  resources :media,  only: [:show]
+  resources :media, only: [:show] do
+    get :player
+  end
+
  resources :tags,   only: [:show]
  resources :emojis, only: [:show]
  resources :invites, only: [:index, :create, :destroy]