| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-09-13 | Fix TransmogrifierTest | tusooa | |
| 2023-09-13 | Add mrf to force link tag of quoting posts | tusooa | |
| 2023-09-13 | Keep incoming Link tag | tusooa | |
| 2023-09-13 | Parse object link as quoteUrl | tusooa | |
| 2023-09-13 | Allow more flexibility in InlineQuotePolicy | tusooa | |
| 2023-09-13 | Fix CommonAPITest | tusooa | |
| 2023-09-13 | Allow local quote and private self-quote | tusooa | |
| 2023-09-13 | InlineQuotePolicy: skip objects which already have an .inline-quote span | Alex Gleason | |
| 2023-09-13 | Actually, don't send _misskey_quote anymore | Alex Gleason | |
| 2023-09-13 | InlineQuotePolicy: improve the way Markdown quotes are displayed by other ↵ | Alex Gleason | |
| software | |||
| 2023-09-13 | Handle Fedibird's new quoteUri field | Alex Gleason | |
| 2023-09-13 | Transmogrifier: federate quotes with _misskey_quote field | Alex Gleason | |
| 2023-09-13 | StatusView: return quote post inside a reblog | Alex Gleason | |
| 2023-09-13 | InlineQuotePolicy: don't add line breaks to markdown posts | Alex Gleason | |
| 2023-09-13 | StatusView: add `quote_visible` param | Alex Gleason | |
| 2023-09-13 | StatusView: fix quote visibility | Alex Gleason | |
| 2023-09-13 | CommonAPI: disallow quoting private posts through the API | Alex Gleason | |
| 2023-09-13 | Add InlineQuotePolicy to force quote URLs inline | Alex Gleason | |
| 2023-09-13 | ActivityDraft: mix format, defensive actor ID | Alex Gleason | |
| 2023-09-13 | ActivityDraft: mention the OP of a quoted post | Alex Gleason | |
| 2023-09-13 | Return quote_url through the API, don't render quotes more than 1 level deep | Alex Gleason | |
| 2023-09-13 | Fix typos | Alex Gleason | |
| 2023-09-13 | TransmogrifierTest: prepare an outgoing quote post | Alex Gleason | |
| 2023-09-13 | StatusControllerTest: test creating a quote post | Alex Gleason | |
| 2023-09-13 | BuilderTest: build quote post | Alex Gleason | |
| 2023-09-13 | ActivityDraft: allow quoting | Alex Gleason | |
| 2023-09-13 | StatusView: render the whole quoted status | Alex Gleason | |
| 2023-09-13 | Transmogrifier: fetch quoted post | Alex Gleason | |
| 2023-09-13 | ObjectValidators: improve quoteUrl compatibility | Alex Gleason | |
| 2023-09-13 | Quote post: add fixtures | Alex Gleason | |
| 2023-09-11 | Rename test | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-09-07 | Rename MapOfString to ContentLanguageMap | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-09-03 | CommonAPI: Prevent users from accessing media of other users | Mint | |
| 2023-08-20 | Remove test | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-19 | Move maybe_add_content_map out of Transmogrifier, use code from tusooa's ↵ | marcin mikołajczak | |
| branch for MapOfString Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Remove test | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Rename test | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Make status.language == nil for 'und' value | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Add ObjectValidators.LanguageCode type | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Implement api/v2/instance route | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-11 | Allow to specify post language | marcin mikołajczak | |
| Signed-off-by: marcin mikołajczak <git@mkljczk.pl> | |||
| 2023-08-05 | Completely disable xml entity resolution | mae | |
| 2023-08-05 | Add unit test for external entity loading | FloatingGhost | |
| 2023-08-04 | release_runtime_provider_test: chmod config for hardened permissions | Haelwenn (lanodan) Monnier | |
| Git doesn't manages file permissions precisely enough for us. | |||
| 2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive ↵ | Mark Felder | |
| download endpoint The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download. The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default. Reported by: graf@poast.org | |||
| 2023-08-03 | Merge branch 'tusooa/3154-attachment-type-check' into 'develop' | Haelwenn | |
| Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923 | |||
| 2023-07-28 | status context: perform visibility check on activities around a status | faried nawaz | |
| issue #2927 | |||
| 2023-07-18 | Restrict attachments to only uploaded files only | tusooa | |
| 2023-07-07 | Make regex-to-string descriptor reusable | tusooa | |
| 2023-07-07 | Fix edge cases | tusooa | |
 |
index : pleroma | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summaryrefslogtreecommitdiff |