tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into glitch-soc/merge-upstream

Browse Source 
Conflicts:
- `app/models/form/admin_settings.rb`:
  New setting added upstream. Ported it.
- `app/views/statuses/_simple_status.html.haml`:
  Upstream removed RTL classes. Did the same.
- `config/settings.yml`:
  New setting added upstream. Ported it.
This commit is contained in:
Claire
2020-12-15 14:27:06 +01:00
parent 1978f7265e 8485c436d5
commit e4f8679eae
69 changed files with 553 additions and 297 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
config/brakeman.ignore
View File

@@ -102,6 +102,37 @@
"confidence": "Weak",
"note": ""
},
{
"warning_type": "Dynamic Render Path",
"warning_code": 15,
"fingerprint": "4704e8093e3e0561bf705f892e8fc6780419f8255f4440b1c0afd09339bd6446",
"check_name": "Render",
"message": "Render path contains parameter value",
"file": "app/views/admin/instances/index.html.haml",
"line": 39,
"link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
"code": "render(action => filtered_instances.page(params[:page]), {})",
"render_path": [
{
"type": "controller",
"class": "Admin::InstancesController",
"method": "index",
"line": 10,
"file": "app/controllers/admin/instances_controller.rb",
"rendered": {
"name": "admin/instances/index",
"file": "app/views/admin/instances/index.html.haml"
}
}
],
"location": {
"type": "template",
"template": "admin/instances/index"
},
"user_input": "params[:page]",
"confidence": "Weak",
"note": ""
},
{
"warning_type": "Redirect",
"warning_code": 18,
@@ -122,6 +153,26 @@
"confidence": "High",
"note": ""
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "6e4051854bb62e2ddbc671f82d6c2328892e1134b8b28105ecba9b0122540714",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/account.rb",
"line": 491,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "find_by_sql([\" WITH first_degree AS (\\n SELECT target_account_id\\n FROM follows\\n WHERE account_id = ?\\n UNION ALL\\n SELECT ?\\n )\\n SELECT\\n accounts.*,\\n (count(f.id) + 1) * ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = ?)\\n WHERE accounts.id IN (SELECT * FROM first_degree)\\n AND #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n GROUP BY accounts.id\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, account.id, account.id, account.id, limit, offset])",
"render_path": null,
"location": {
"type": "method",
"class": "Account",
"method": "advanced_search_for"
},
"user_input": "textsearch",
"confidence": "Medium",
"note": ""
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
@@ -163,23 +214,23 @@
"note": ""
},
{
"warning_type": "Mass Assignment",
"warning_code": 105,
"fingerprint": "8f63dec68951d9bcf7eddb15af9392b2e1333003089c41fb76688dfd3579f394",
"check_name": "PermitAttributes",
"message": "Potentially dangerous key allowed for mass assignment",
"file": "app/controllers/api/v1/crypto/deliveries_controller.rb",
"line": 23,
"link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
"code": "params.require(:device).permit(:account_id, :device_id, :type, :body, :hmac)",
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "9251d682c4e2840e1b2fea91e7d758efe2097ecb7f6255c065e3750d25eb178c",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/account.rb",
"line": 460,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "find_by_sql([\" SELECT\\n accounts.*,\\n ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n WHERE #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, limit, offset])",
"render_path": null,
"location": {
"type": "method",
"class": "Api::V1::Crypto::DeliveriesController",
"method": "resource_params"
"class": "Account",
"method": "search_for"
},
"user_input": ":account_id",
"confidence": "High",
"user_input": "textsearch",
"confidence": "Medium",
"note": ""
},
{
@@ -273,6 +324,26 @@
"confidence": "High",
"note": ""
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "e21d8fee7a5805761679877ca35ed1029c64c45ef3b4012a30262623e1ba8bb9",
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/account.rb",
"line": 507,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "find_by_sql([\" SELECT\\n accounts.*,\\n (count(f.id) + 1) * ts_rank_cd(#{textsearch}, #{query}, 32) AS rank\\n FROM accounts\\n LEFT OUTER JOIN follows AS f ON (accounts.id = f.account_id AND f.target_account_id = ?) OR (accounts.id = f.target_account_id AND f.account_id = ?)\\n WHERE #{query} @@ #{textsearch}\\n AND accounts.suspended_at IS NULL\\n AND accounts.moved_to_account_id IS NULL\\n GROUP BY accounts.id\\n ORDER BY rank DESC\\n LIMIT ? OFFSET ?\\n\".squish, account.id, account.id, limit, offset])",
"render_path": null,
"location": {
"type": "method",
"class": "Account",
"method": "advanced_search_for"
},
"user_input": "textsearch",
"confidence": "Medium",
"note": ""
},
{
"warning_type": "Mass Assignment",
"warning_code": 105,
@@ -294,6 +365,6 @@
"note": ""
}
],
"updated": "2020-06-01 18:18:02 +0200",
"brakeman_version": "4.8.0"
"updated": "2020-12-07 01:17:13 +0100",
"brakeman_version": "4.10.0"
}

11
config/initializers/paperclip.rb
View File

@@ -113,3 +113,14 @@ else
end
Paperclip.options[:content_type_mappings] = { csv: Import::FILE_TYPES }
# In some places in the code, we rescue this exception, but we don't always
# load the S3 library, so it may be an undefined constant:
unless defined?(Seahorse)
module Seahorse
module Client
class NetworkingError < StandardError; end
end
end
end

9
config/locales/en.yml
View File

@@ -131,6 +131,7 @@ en:
follows: Follows
header: Header
inbox_url: Inbox URL
invite_request_text: Reasons for joining
invited_by: Invited by
ip: IP
joined: Joined
@@ -255,6 +256,7 @@ en:
unsuspend_account: Unsuspend Account
update_announcement: Update Announcement
update_custom_emoji: Update Custom Emoji
update_domain_block: Update Domain Block
update_status: Update Status
actions:
assigned_to_self_report: "%{name} assigned report %{target} to themselves"
@@ -295,6 +297,7 @@ en:
unsuspend_account: "%{name} unsuspended %{target}'s account"
update_announcement: "%{name} updated announcement %{target}"
update_custom_emoji: "%{name} updated emoji %{target}"
update_domain_block: "%{name} updated domain block for %{target}"
update_status: "%{name} updated status by %{target}"
deleted_status: "(deleted status)"
empty: No logs found.
@@ -437,6 +440,7 @@ en:
instances:
by_domain: Domain
delivery_available: Delivery is available
empty: No domains found.
known_accounts:
one: "%{count} known account"
other: "%{count} known accounts"
@@ -514,6 +518,8 @@ en:
comment:
none: None
created_at: Reported
forwarded: Forwarded
forwarded_to: Forwarded to %{domain}
mark_as_resolved: Mark as resolved
mark_as_unresolved: Mark as unresolved
notes:
@@ -583,6 +589,9 @@ en:
min_invite_role:
disabled: No one
title: Allow invitations by
require_invite_text:
desc_html: When registrations require manual approval, make the “Why do you want to join?” invite request text mandatory rather than optional
title: Require new users to fill an invite request text
registrations_mode:
modes:
approved: Approval required for sign up

1
config/settings.yml
View File

@@ -79,6 +79,7 @@ defaults: &defaults
show_domain_blocks: 'disabled'
show_domain_blocks_rationale: 'disabled'
outgoing_spoilers: ''
require_invite_text: false
development:
<<: *defaults

17
config/sidekiq.yml
View File

@@ -5,34 +5,51 @@
- [push, 4]
- [mailers, 2]
- [pull]
- [scheduler]
:scheduler:
:listened_queues_only: true
:schedule:
scheduled_statuses_scheduler:
every: '5m'
class: Scheduler::ScheduledStatusesScheduler
queue: scheduler
trending_tags_scheduler:
every: '5m'
class: Scheduler::TrendingTagsScheduler
queue: scheduler
media_cleanup_scheduler:
cron: '<%= Random.rand(0..59) %> <%= Random.rand(3..5) %> * * *'
class: Scheduler::MediaCleanupScheduler
queue: scheduler
feed_cleanup_scheduler:
cron: '<%= Random.rand(0..59) %> <%= Random.rand(0..2) %> * * *'
class: Scheduler::FeedCleanupScheduler
queue: scheduler
doorkeeper_cleanup_scheduler:
cron: '<%= Random.rand(0..59) %> <%= Random.rand(0..2) %> * * 0'
class: Scheduler::DoorkeeperCleanupScheduler
queue: scheduler
user_cleanup_scheduler:
cron: '<%= Random.rand(0..59) %> <%= Random.rand(4..6) %> * * *'
class: Scheduler::UserCleanupScheduler
queue: scheduler
ip_cleanup_scheduler:
cron: '<%= Random.rand(0..59) %> <%= Random.rand(3..5) %> * * *'
class: Scheduler::IpCleanupScheduler
queue: scheduler
email_scheduler:
cron: '0 10 * * 2'
class: Scheduler::EmailScheduler
queue: scheduler
backup_cleanup_scheduler:
cron: '<%= Random.rand(0..59) %> <%= Random.rand(3..5) %> * * *'
class: Scheduler::BackupCleanupScheduler
queue: scheduler
pghero_scheduler:
cron: '0 0 * * *'
class: Scheduler::PgheroScheduler
queue: scheduler
instance_refresh_scheduler:
cron: '0 * * * *'
class: Scheduler::InstanceRefreshScheduler
queue: scheduler