tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' into glitch-soc/merge-upstream

Browse Source
This commit is contained in:
Claire
2021-05-12 11:03:05 +02:00
parent ffc3f8eebe 70f6f2e9b7
commit dc58d02192
23 changed files with 135 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
config/brakeman.ignore
View File

@@ -7,7 +7,7 @@
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/report.rb",
"line": 112,
"line": 113,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "Admin::ActionLog.from(\"(#{[Admin::ActionLog.where(:target_type => \"Report\", :target_id => id, :created_at => ((created_at..updated_at))).unscope(:order), Admin::ActionLog.where(:target_type => \"Account\", :target_id => target_account_id, :created_at => ((created_at..updated_at))).unscope(:order), Admin::ActionLog.where(:target_type => \"Status\", :target_id => status_ids, :created_at => ((created_at..updated_at))).unscope(:order)].map do\n \"(#{query.to_sql})\"\n end.join(\" UNION ALL \")}) AS admin_action_logs\")",
"render_path": null,
@@ -67,7 +67,7 @@
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/account.rb",
"line": 491,
"line": 479,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "find_by_sql([\" WITH first_degree AS (\\n SELECT target_account_id\\n FROM follows\\n WHERE account_id = ?\\n UNION ALL\\n SELECT ?\\n )\\n SELECT\\n accounts.*,\\n (count(f.id) + 1) * ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = ?)\\n WHERE accounts.id IN (SELECT * FROM first_degree)\\n AND #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n GROUP BY accounts.id\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, account.id, account.id, account.id, limit, offset])",
"render_path": null,
@@ -120,6 +120,26 @@
"confidence": "High",
"note": ""
},
{
"warning_type": "Mass Assignment",
"warning_code": 105,
"fingerprint": "874be88fedf4c680926845e9a588d3197765a6ccbfdd76466b44cc00151c612e",
"check_name": "PermitAttributes",
"message": "Potentially dangerous key allowed for mass assignment",
"file": "app/controllers/api/v1/admin/reports_controller.rb",
"line": 78,
"link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
"code": "params.permit(:resolved, :account_id, :target_account_id)",
"render_path": null,
"location": {
"type": "method",
"class": "Api::V1::Admin::ReportsController",
"method": "filter_params"
},
"user_input": ":account_id",
"confidence": "High",
"note": ""
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
@@ -127,7 +147,7 @@
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/account.rb",
"line": 460,
"line": 448,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "find_by_sql([\" SELECT\\n accounts.*,\\n ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n WHERE #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, limit, offset])",
"render_path": null,
@@ -207,7 +227,7 @@
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/account.rb",
"line": 507,
"line": 495,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "find_by_sql([\" SELECT\\n accounts.*,\\n (count(f.id) + 1) * ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = ?) OR (accounts.id = f.target_account_id AND f.account_id = ?)\\n WHERE #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n GROUP BY accounts.id\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, account.id, account.id, limit, offset])",
"render_path": null,
@@ -241,6 +261,6 @@
"note": ""
}
],
"updated": "2020-12-07 01:17:13 +0100",
"brakeman_version": "4.10.0"
"updated": "2021-05-11 20:22:27 +0900",
"brakeman_version": "5.0.1"
}

2
config/locales/gd.yml
View File

File diff suppressed because one or more lines are too long

2
config/locales/gl.yml
View File

@@ -23,7 +23,7 @@ gl:
hosted_on: Mastodon aloxado en %{domain}
instance_actor_flash: 'Esta conta é un actor virtual utilizado para representar ao servidor e non a unha usuaria individual. Utilízase para propósitos de federación e non debería estar bloqueada a menos que queiras bloquear a toda a instancia, en tal caso deberías utilizar o bloqueo do dominio.
'
'
learn_more: Saber máis
privacy_policy: Política de privacidade
rules: Regras do servidor

8
config/locales/is.yml
View File

@@ -272,7 +272,7 @@ is:
create_domain_allow_html: "%{name} leyfði skýjasamband með léninu %{target}"
create_domain_block_html: "%{name} útilokaði lénið %{target}"
create_email_domain_block_html: "%{name} útilokaði póstlénið %{target}"
create_ip_block_html: "{name} útbjó reglu fyrir IP-vistfangið %{target}"
create_ip_block_html: "%{name} útbjó reglu fyrir IP-vistfangið %{target}"
create_unavailable_domain_html: "%{name} stöðvaði afhendingu til lénsins %{target}"
demote_user_html: "%{name} lækkaði notandann %{target} í tign"
destroy_announcement_html: "%{name} eyddi tilkynninguni %{target}"
@@ -280,7 +280,7 @@ is:
destroy_domain_allow_html: "%{name} bannaði skýjasamband með léninu %{target}"
destroy_domain_block_html: "%{name} aflétti útilokun af léninu %{target}"
destroy_email_domain_block_html: "%{name} aflétti útilokun af póstléninu %{target}"
destroy_ip_block_html: "{name} eyddi reglu fyrir IP-vistfangið %{target}"
destroy_ip_block_html: "%{name} eyddi reglu fyrir IP-vistfangið %{target}"
destroy_status_html: "%{name} fjarlægði stöðufærslu frá %{target}"
destroy_unavailable_domain_html: "%{name} hóf aftur afhendingu til lénsins %{target}"
disable_2fa_user_html: "%{name} gerði kröfu um tveggja-þátta innskráningu óvirka fyrir notandann %{target}"
@@ -290,7 +290,7 @@ is:
enable_user_html: "%{name} gerði innskráningu virka fyrir notandann %{target}"
memorialize_account_html: "%{name} breytti notandaaðgangnum %{target} í minningargreinarsíðu"
promote_user_html: "%{name} hækkaði notandann %{target} í tign"
remove_avatar_user_html: "{name} fjarlægði auðkennismynd af %{target}"
remove_avatar_user_html: "%{name} fjarlægði auðkennismynd af %{target}"
reopen_report_html: "%{name} enduropnaði kæru %{target}"
reset_password_user_html: "%{name} endurstillti lykilorð fyrir notandann %{target}"
resolve_report_html: "%{name} leysti kæru %{target}"
@@ -300,7 +300,7 @@ is:
unassigned_report_html: "%{name} fjarlægði úthlutun af kæru %{target}"
unsensitive_account_html: "%{name} tók merkinguna viðkvæmt af myndefni frá %{target}"
unsilence_account_html: "%{name} hætti að hylja notandaaðganginn %{target}"
unsuspend_account_html: "%{name} tók notandaaðganginn {target} úr bið"
unsuspend_account_html: "%{name} tók notandaaðganginn %{target} úr bið"
update_announcement_html: "%{name} uppfærði tilkynningu %{target}"
update_custom_emoji_html: "%{name} uppfærði tjáningartáknið %{target}"
update_domain_block_html: "%{name} uppfærði lénalás fyrir %{target}"

2
config/locales/sc.yml
View File

@@ -23,7 +23,7 @@ sc:
hosted_on: Mastodon allogiadu in %{domain}
instance_actor_flash: 'Custu contu est un''atore virtuale impreadu pro rapresentare su pròpiu serbidore, no est un''utente individuale. Benit impreadu pro punnas de federatzione e no ddu dias dèpere blocare si non boles blocare su domìniu intreu, e in cussu casu dias dèpere impreare unu blocu de domìniu.
'
'
learn_more: Àteras informatziones
privacy_policy: Polìtica de riservadesa
rules: Règulas de su serbidore