path: root/test
Age | Commit message | Author
2023-08-04 | release_runtime_provider_test: chmod config for hardened permissions | Haelwenn (lanodan) Monnier
Git doesn't manage file permissions precisely enough for us.
2023-08-04 | Resolve information disclosure vulnerability through emoji pack archive download endpoint | Mark Felder
The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download.
The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default.
Reported by: graf@poast.org
2023-08-03 | Merge branch 'tusooa/3154-attachment-type-check' into 'develop' | Haelwenn
Restrict attachments to only uploaded files only
Closes #3154
See merge request pleroma/pleroma!3923
2023-07-28 | status context: perform visibility check on activities around a status | faried nawaz
issue #2927
2023-07-18 | Restrict attachments to only uploaded files only | tusooa
2023-07-07 | Make regex-to-string descriptor reusable | tusooa
2023-07-07 | Fix edge cases | tusooa
2023-07-07 | Test that unicode emoji reactions are not affected | tusooa
2023-07-07 | Make EmojiPolicy aware of custom emoji reactions | tusooa
2023-07-07 | EmojiPolicy: Implement delist | tusooa
2023-07-07 | EmojiPolicy: implement remove by shortcode | tusooa
2023-07-07 | Add emoji policy to remove emojis matching certain urls | tusooa
https://git.pleroma.social/pleroma/pleroma/-/issues/2775
2023-07-02 | Merge branch 'testfix/system-config-use' into 'develop' | Haelwenn
release_runtime_provider_test: Explicitly use non-existent config file
See merge request pleroma/pleroma!3910
2023-07-02 | Merge branch 'tusooa/3131-handle-report-from-deactivated-user' into 'develop' | Haelwenn
Fix handling report from a deactivated user
Closes #3131
See merge request pleroma/pleroma!3915
2023-07-02 | Fix handling report from a deactivated user | tusooa
2023-07-02 | Fix user fetch completely broken if featured collection is not in a supported form | tusooa
2023-07-01 | Merge branch 'bugfix/full-revert-media-host-validation' into 'develop' | tusooa
Merge Revert "Merge branch 'validate-host' into 'develop'"
Closes #3136
See merge request pleroma/pleroma!3909
2023-06-27 | Merge branch 'instance-nodeinfo-metadata' into 'develop' [develop] | Haelwenn
instances: Store some metadata based on NodeInfo
See merge request pleroma/pleroma!3853
2023-06-27 | Merge branch 'tusooa/3119-bio-update' into 'develop' | Haelwenn
Show more informative errors when profile exceeds char limits
Closes #3119
See merge request pleroma/pleroma!3886
2023-06-27 | Merge branch 'from/upstream-develop/tusooa/backup-status' into 'develop' | Haelwenn
Detail backup states
Closes #3024
See merge request pleroma/pleroma!3809
2023-06-27 | release_runtime_provider_test: Explicitly use non-existent config file | Haelwenn (lanodan) Monnier
2023-06-22 | Merge Revert "Merge branch 'validate-host' into 'develop'" | Haelwenn (lanodan) Monnier
This reverts commit d998a114e26033e98e87778e5ca659aff91831bf, reversing changes made to da6b4003acad84b0f60ad8da6d08cfe13564b058.
2023-06-11 | Merge branch 'tusooa/3054-banned-delete' into 'develop' | lain
Fix deleting banned users' statuses
See merge request pleroma/pleroma!3889
2023-06-11 | B ForceMentionsInContent: Fix test, refactor. | Lain Soykaf
2023-06-11 | Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into pleroma-double_mentions | Lain Soykaf
2023-06-11 | Merge branch 'fix/metadata-tags' into 'develop' | lain
static frontend: fix meta tags
See merge request pleroma/pleroma!3885
2023-06-11 | Merge branch 'cleanup/ostatus-user-upgrade' into 'develop' | lain
Cleanup OStatus-era user upgrades and ap_enabled indicator
See merge request pleroma/pleroma!3880
2023-06-11 | Merge branch 'revert-mediaproxy-host-validation' into 'develop' | feld
Revert MediaProxy Host header validation
See merge request pleroma/pleroma!3902
2023-06-11 | Merge branch 'fep-fffd-url' into 'develop' | lain
CommonFields: Use BareUri for :url
Closes #3121
See merge request pleroma/pleroma!3884
2023-06-07 | Revert MediaProxy Host header validation | Mark Felder
Something is going wrong here even though the tests are correct.
2023-05-31 | Use Phoenix.ConnTest.redirected_to/2 | Mark Felder
2023-05-31 | Merge branch 'validate-host' into 'develop' | Haelwenn
Validate Host header for MediaProxy and Uploads
See merge request pleroma/pleroma!3896
2023-05-30 | Switch from serving a 400 to a 302 | Mark Felder
2023-05-29 | Add OnlyMedia Upload Filter to simplify restricting uploads to audio, image, and video types | Mark Felder
2023-05-29 | Remove unwanted parameter | Mark Felder
2023-05-29 | Validate Host header matches expected value before allowing access to Uploads | Mark Felder
2023-05-29 | Validate Host header matches expected value before allowing access to MediaProxy | Mark Felder
2023-05-29 | ConnCase: Make sure the host we use in tests is the actual Endpoint host | Mark Felder
2023-05-29 | oops, forgot the test cases | faried nawaz
2023-05-26 | Merge branch 'release/2.5.2' into mergeback/2.5.2 | Haelwenn (lanodan) Monnier
2023-05-26 | Filter OEmbed HTML tags | Mark Felder
2023-05-26 | Filter OEmbed HTML tags | Mark Felder
2023-05-26 | Enforce unauth restrictions for public streaming endpoints | tusooa
2023-05-26 | Merge branch 'issue/3126' into 'develop' | Haelwenn
MediaProxyController: Apply CSP sandbox
See merge request pleroma/pleroma!3890
2023-05-26 | Merge branch 'tusooa/rework-refetch' into 'develop' | Haelwenn
Make sure object refetching follows update rules
See merge request pleroma/pleroma!3883
2023-05-26 | MediaProxyController: Apply CSP sandbox | Mark Felder
2023-05-26 | ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts | Zero
The code checked for duplicates using "ap_id", but in Mastodon and Misskey they look like that:
Mastodon: https://mastodon.example.com/users/roger
Misskey: https://misskey.example.com/users/104ab42f11
The fix is to also check for "uri", which is what will be in the "explicitly_mentioned_uris" list:
Mastodon: https://mastodon.example.com/@roger
Misskey: https://misskey.example.com/@roger
2023-05-25 | Fix deleting banned users' statuses | tusooa
2023-05-25 | Show more informative errors when profile exceeds char limits | tusooa
2023-05-17 | Merge branch 'accept-tags-2.5' into 'develop' | Haelwenn
TagValidator: Drop unrecognized Tag types
Closes #2952
See merge request pleroma/pleroma!3823