Merge branch 'release/2.5.1' into 'stable'

release: 2.5.1

See merge request pleroma/pleroma!3841

12 files changed, 212 insertions, 7 deletions

diff --git a/test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png b/test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png
new file mode 100644
index 000000000..7ce8640fa
--- /dev/null
+++ b/test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png
diff --git a/test/fixtures/image_with_stray_data_after.png b/test/fixtures/image_with_stray_data_after.png
new file mode 100755
index 000000000..a280e4377
--- /dev/null
+++ b/test/fixtures/image_with_stray_data_after.png
diff --git a/test/pleroma/notification_test.exs b/test/pleroma/notification_test.exs
index 255097ed0..e55aa3a08 100644
--- a/test/pleroma/notification_test.exs
+++ b/test/pleroma/notification_test.exs
@@ -334,6 +334,32 @@ defmodule Pleroma.NotificationTest do
       refute Notification.create_notification(activity, followed)
     end
 
+    test "it disables notifications from non-followees" do
+      follower = insert(:user)
+
+      followed =
+        insert(:user,
+          notification_settings: %Pleroma.User.NotificationSetting{block_from_strangers: true}
+        )
+
+      CommonAPI.follow(follower, followed)
+      {:ok, activity} = CommonAPI.post(follower, %{status: "hey @#{followed.nickname}"})
+      refute Notification.create_notification(activity, followed)
+    end
+
+    test "it allows notifications from followees" do
+      poster = insert(:user)
+
+      receiver =
+        insert(:user,
+          notification_settings: %Pleroma.User.NotificationSetting{block_from_strangers: true}
+        )
+
+      CommonAPI.follow(receiver, poster)
+      {:ok, activity} = CommonAPI.post(poster, %{status: "hey @#{receiver.nickname}"})
+      assert Notification.create_notification(activity, receiver)
+    end
+
     test "it doesn't create a notification for user if he is the activity author" do
       activity = insert(:note_activity)
       author = User.get_cached_by_ap_id(activity.data["actor"])
@@ -1225,5 +1251,32 @@ defmodule Pleroma.NotificationTest do
 
       assert length(Notification.for_user(user)) == 1
     end
+
+    test "it returns notifications when related object is without content and filters are defined",
+         %{user: user} do
+      followed_user = insert(:user, is_locked: true)
+
+      insert(:filter, user: followed_user, phrase: "test", hide: true)
+
+      {:ok, _, _, _activity} = CommonAPI.follow(user, followed_user)
+      refute FollowingRelationship.following?(user, followed_user)
+      assert [notification] = Notification.for_user(followed_user)
+
+      assert %{type: "follow_request"} =
+               NotificationView.render("show.json", %{
+                 notification: notification,
+                 for: followed_user
+               })
+
+      assert {:ok, _} = CommonAPI.accept_follow_request(user, followed_user)
+
+      assert [notification] = Notification.for_user(followed_user)
+
+      assert %{type: "follow"} =
+               NotificationView.render("show.json", %{
+                 notification: notification,
+                 for: followed_user
+               })
+    end
   end
 end
diff --git a/test/pleroma/upload/filter/exiftool/read_description_test.exs b/test/pleroma/upload/filter/exiftool/read_description_test.exs
index 7389fda47..7cc83969d 100644
--- a/test/pleroma/upload/filter/exiftool/read_description_test.exs
+++ b/test/pleroma/upload/filter/exiftool/read_description_test.exs
@@ -42,6 +42,33 @@ defmodule Pleroma.Upload.Filter.Exiftool.ReadDescriptionTest do
              {:ok, :filtered, uploads_after}
   end
 
+  test "Ignores warnings" do
+    uploads = %Pleroma.Upload{
+      name: "image_with_imagedescription_and_caption-abstract_and_stray_data_after.png",
+      content_type: "image/png",
+      path:
+        Path.absname(
+          "test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png"
+        ),
+      tempfile:
+        Path.absname(
+          "test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png"
+        )
+    }
+
+    assert {:ok, :filtered, %{description: "a descriptive white pixel"}} =
+             Filter.Exiftool.ReadDescription.filter(uploads)
+
+    uploads = %Pleroma.Upload{
+      name: "image_with_stray_data_after.png",
+      content_type: "image/png",
+      path: Path.absname("test/fixtures/image_with_stray_data_after.png"),
+      tempfile: Path.absname("test/fixtures/image_with_stray_data_after.png")
+    }
+
+    assert {:ok, :filtered, %{description: nil}} = Filter.Exiftool.ReadDescription.filter(uploads)
+  end
+
   test "otherwise returns iptc:Caption-Abstract when present" do
     upload = %Pleroma.Upload{
       name: "image_with_caption-abstract.jpg",
diff --git a/test/pleroma/upload/filter/exiftool/strip_location_test.exs b/test/pleroma/upload/filter/exiftool/strip_location_test.exs
index 7e1541f60..bcb5f3f60 100644
--- a/test/pleroma/upload/filter/exiftool/strip_location_test.exs
+++ b/test/pleroma/upload/filter/exiftool/strip_location_test.exs
@@ -31,12 +31,19 @@ defmodule Pleroma.Upload.Filter.Exiftool.StripLocationTest do
     refute String.match?(exif_filtered, ~r/GPS/)
   end
 
-  test "verify webp files are skipped" do
-    upload = %Pleroma.Upload{
-      name: "sample.webp",
-      content_type: "image/webp"
-    }
-
-    assert Filter.Exiftool.StripLocation.filter(upload) == {:ok, :noop}
+  test "verify webp, heic, svg  files are skipped" do
+    uploads =
+      ~w{webp heic svg svg+xml}
+      |> Enum.map(fn type ->
+        %Pleroma.Upload{
+          name: "sample.#{type}",
+          content_type: "image/#{type}"
+        }
+      end)
+
+    uploads
+    |> Enum.each(fn upload ->
+      assert Filter.Exiftool.StripLocation.filter(upload) == {:ok, :noop}
+    end)
   end
 end
diff --git a/test/pleroma/web/activity_pub/activity_pub_test.exs b/test/pleroma/web/activity_pub/activity_pub_test.exs
index fc6fc039d..a6f8b6152 100644
--- a/test/pleroma/web/activity_pub/activity_pub_test.exs
+++ b/test/pleroma/web/activity_pub/activity_pub_test.exs
@@ -1342,6 +1342,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       %{test_file: test_file}
     end
 
+    test "strips / from filename", %{test_file: file} do
+      file = %Plug.Upload{file | filename: "../../../../../nested/bad.jpg"}
+      {:ok, %Object{} = object} = ActivityPub.upload(file)
+      [%{"href" => href}] = object.data["url"]
+      assert Regex.match?(~r"/bad.jpg$", href)
+      refute Regex.match?(~r"/nested/", href)
+    end
+
     test "sets a description if given", %{test_file: file} do
       {:ok, %Object{} = object} = ActivityPub.upload(file, description: "a cool file")
       assert object.data["name"] == "a cool file"
diff --git a/test/pleroma/web/admin_api/controllers/report_controller_test.exs b/test/pleroma/web/admin_api/controllers/report_controller_test.exs
index aee26d80a..c141cf69d 100644
--- a/test/pleroma/web/admin_api/controllers/report_controller_test.exs
+++ b/test/pleroma/web/admin_api/controllers/report_controller_test.exs
@@ -366,6 +366,34 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
                |> json_response_and_validate_schema(:ok)
     end
 
+    test "renders content correctly", %{conn: conn} do
+      [reporter, target_user] = insert_pair(:user)
+      note = insert(:note, user: target_user, data: %{"content" => "mew 1"})
+      note2 = insert(:note, user: target_user, data: %{"content" => "mew 2"})
+      activity = insert(:note_activity, user: target_user, note: note)
+      activity2 = insert(:note_activity, user: target_user, note: note2)
+
+      {:ok, _report} =
+        CommonAPI.report(reporter, %{
+          account_id: target_user.id,
+          comment: "I feel offended",
+          status_ids: [activity.id, activity2.id]
+        })
+
+      CommonAPI.delete(activity.id, target_user)
+      CommonAPI.delete(activity2.id, target_user)
+
+      response =
+        conn
+        |> get(report_path(conn, :index))
+        |> json_response_and_validate_schema(:ok)
+
+      assert [open_report] = response["reports"]
+      assert %{"statuses" => [s1, s2]} = open_report
+      assert "mew 1" in [s1["content"], s2["content"]]
+      assert "mew 2" in [s1["content"], s2["content"]]
+    end
+
     test "returns 403 when requested by a non-admin" do
       user = insert(:user)
       token = insert(:oauth_token, user: user)
diff --git a/test/pleroma/web/common_api/utils_test.exs b/test/pleroma/web/common_api/utils_test.exs
index b538c5979..d309c6ded 100644
--- a/test/pleroma/web/common_api/utils_test.exs
+++ b/test/pleroma/web/common_api/utils_test.exs
@@ -178,6 +178,10 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
       code = "https://github.com/pragdave/earmark/"
       {result, [], []} = Utils.format_input(code, "text/markdown")
       assert result == ~s[<p><a href="#{code}">#{code}</a></p>]
+
+      code = "https://github.com/~foo/bar"
+      {result, [], []} = Utils.format_input(code, "text/markdown")
+      assert result == ~s[<p><a href="#{code}">#{code}</a></p>]
     end
 
     test "link with local mention" do
diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs
index 44355c26d..5c9103e9f 100644
--- a/test/pleroma/web/common_api_test.exs
+++ b/test/pleroma/web/common_api_test.exs
@@ -518,6 +518,25 @@ defmodule Pleroma.Web.CommonAPITest do
     assert Object.tags(object) == ["2hu"]
   end
 
+  test "zwnj is treated as word character" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "#ساٴين‌س"})
+
+    object = Object.normalize(activity, fetch: false)
+
+    assert Object.tags(object) == ["ساٴين‌س"]
+  end
+
+  test "double dot in link is allowed" do
+    user = insert(:user)
+    text = "https://example.to/something..mp3"
+    {:ok, activity} = CommonAPI.post(user, %{status: text})
+
+    object = Object.normalize(activity, fetch: false)
+
+    assert object.data["content"] == "<a href=\"#{text}\" rel=\"ugc\">#{text}</a>"
+  end
+
   test "it adds emoji in the object" do
     user = insert(:user)
     {:ok, activity} = CommonAPI.post(user, %{status: ":firefox:"})
diff --git a/test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs
index 13e3ffc0a..a556ef6a8 100644
--- a/test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs
@@ -92,4 +92,18 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
 
     assert ["peer1.com", "peer2.com"] == Enum.sort(result)
   end
+
+  test "instance languages", %{conn: conn} do
+    assert %{"languages" => ["en"]} =
+             conn
+             |> get("/api/v1/instance")
+             |> json_response_and_validate_schema(200)
+
+    clear_config([:instance, :languages], ["aa", "bb"])
+
+    assert %{"languages" => ["aa", "bb"]} =
+             conn
+             |> get("/api/v1/instance")
+             |> json_response_and_validate_schema(200)
+  end
 end
diff --git a/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs
index 79d52bb2f..750296230 100644
--- a/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs
@@ -122,6 +122,23 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
 
       assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
     end
+
+    test "Do not allow nested filename", %{conn: conn, image: image} do
+      image = %Plug.Upload{
+        image
+        | filename: "../../../../../nested/file.jpg"
+      }
+
+      desc = "Description of the image"
+
+      media =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/v1/media", %{"file" => image, "description" => desc})
+        |> json_response_and_validate_schema(:ok)
+
+      refute Regex.match?(~r"/nested/", media["url"])
+    end
   end
 
   describe "Update media description" do
diff --git a/test/pleroma/web/mastodon_api/update_credentials_test.exs b/test/pleroma/web/mastodon_api/update_credentials_test.exs
index d5fac7e25..57fa0f047 100644
--- a/test/pleroma/web/mastodon_api/update_credentials_test.exs
+++ b/test/pleroma/web/mastodon_api/update_credentials_test.exs
@@ -383,6 +383,34 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
       assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
     end
 
+    test "Strip / from upload files", %{user: user, conn: conn} do
+      new_image = %Plug.Upload{
+        content_type: "image/jpeg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "../../../../nested/an_image.jpg"
+      }
+
+      assert user.avatar == %{}
+
+      res =
+        patch(conn, "/api/v1/accounts/update_credentials", %{
+          "avatar" => new_image,
+          "header" => new_image,
+          "pleroma_background_image" => new_image
+        })
+
+      assert user_response = json_response_and_validate_schema(res, 200)
+      assert user_response["avatar"]
+      assert user_response["header"]
+      assert user_response["pleroma"]["background_image"]
+      refute Regex.match?(~r"/nested/", user_response["avatar"])
+      refute Regex.match?(~r"/nested/", user_response["header"])
+      refute Regex.match?(~r"/nested/", user_response["pleroma"]["background_image"])
+
+      user = User.get_by_id(user.id)
+      refute user.avatar == %{}
+    end
+
     test "requires 'write:accounts' permission" do
       token1 = insert(:oauth_token, scopes: ["read"])
       token2 = insert(:oauth_token, scopes: ["write", "follow"])