| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-09-13 | StatusView: fix quote visibility | Alex Gleason | |
| 2023-09-13 | CommonAPI: disallow quoting private posts through the API | Alex Gleason | |
| 2023-09-13 | Add InlineQuotePolicy to force quote URLs inline | Alex Gleason | |
| 2023-09-13 | ActivityDraft: mix format, defensive actor ID | Alex Gleason | |
| 2023-09-13 | ActivityDraft: mention the OP of a quoted post | Alex Gleason | |
| 2023-09-13 | Return quote_url through the API, don't render quotes more than 1 level deep | Alex Gleason | |
| 2023-09-13 | InstanceView: add "quote_posting" feature | Alex Gleason | |
| 2023-09-13 | mix format | Alex Gleason | |
| 2023-09-13 | ActivityDraft: allow quoting | Alex Gleason | |
| 2023-09-13 | ActivityDraft: create quote posts | Alex Gleason | |
| 2023-09-13 | StatusView: render the whole quoted status | Alex Gleason | |
| 2023-09-13 | StatusView: show quoted posts through the API, probably | Alex Gleason | |
| 2023-09-13 | Transmogrifier: fix quoteUrl here too | Alex Gleason | |
| 2023-09-13 | Transmogrifier: fetch quoted post | Alex Gleason | |
| 2023-09-13 | ObjectValidators: improve quoteUrl compatibility | Alex Gleason | |
| 2023-09-13 | ObjectValidators: accept "quoteUrl" field | Alex Gleason | |
| 2023-09-11 | Rename test | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-09-07 | Rename MapOfString to ContentLanguageMap | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-09-07 | Update InstanceView.features | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-09-03 | CommonAPI: Prevent users from accessing media of other users | Mint | |
| 2023-08-31 | Move is_good_locale_code? to object validator | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-30 | Make lint happy | tusooa | |
| 2023-08-20 | Remove test | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-19 | Move maybe_add_content_map out of Transmogrifier, use code from tusooa's ↵ | marcin mikołajczak | |
| branch for MapOfString Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-19 | Move `maybe_add_language` to CommonFixes | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-16 | Merge branch 'csp-flash' into 'develop' | Haelwenn | |
| allow https: so that flash works across instances without need for media proxy See merge request pleroma/pleroma!3879 | |||
| 2023-08-16 | Apply lanodan's suggestion(s) to 1 file(s) | Haelwenn | |
| 2023-08-11 | Lint | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Make status.language == nil for 'und' value | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | InstanceView: Add common_information function | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Add ObjectValidators.LanguageCode type | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Apply lanodan's suggestion | Haelwenn | |
| 2023-08-11 | Implement api/v2/instance route | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Allow to specify post language | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-05 | Completely disable xml entity resolution | mae | |
| 2023-08-04 | Prevent XML parser from loading external entities | Mae | |
| 2023-08-04 | instance gen: Reduce permissions of pleroma directories and config files | Haelwenn (lanodan) Monnier | |
| 2023-08-04 | Config: Restrict permissions of OTP config file | Haelwenn (lanodan) Monnier | |
| 2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive ↵ | Mark Felder | |
| download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
| 2023-08-03 | Merge branch 'tusooa/3154-attachment-type-check' into 'develop' | Haelwenn | |
| Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923 | |||
| 2023-07-28 | cleaner ecto query to handle restrict_unauthenticated for activities | Faried Nawaz | |
| This fix is for this case: config :pleroma, :restrict_unauthenticated, activities: %{local: true, remote: true} | |||
| 2023-07-28 | status context: perform visibility check on activities around a status | faried nawaz | |
| issue #2927 | |||
| 2023-07-18 | Restrict attachments to only uploaded files only | tusooa | |
| 2023-07-17 | Merge branch '2023-06-deps-update' into 'develop' | Haelwenn | |
| 2023-06 deps update + de-override plug See merge request pleroma/pleroma!3911 | |||
| 2023-07-07 | Make regex-to-string descriptor reusable | tusooa | |
| 2023-07-07 | Fix edge cases | tusooa | |
| 2023-07-07 | Make EmojiPolicy aware of custom emoji reactions | tusooa | |
| 2023-07-07 | Improve config examples for EmojiPolicy | tusooa | |
| 2023-07-07 | Move emoji_policy.ex to the right place | tusooa | |
| 2023-07-07 | EmojiPolicy: Implement delist | tusooa | |
 |
index : pleroma | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summaryrefslogtreecommitdiff |