Michael [Thu, 29 Feb 2024 07:37:58 +0000 (07:37 +0000)]
Issue 13819: Ensure to not use OEmbed if not wanted
Hypolite Petovan [Sun, 25 Feb 2024 15:01:34 +0000 (10:01 -0500)]
Merge pull request #13938 from annando/output-type
Image handling: separate between output and input type, use Imagick on PNG
Michael [Sun, 25 Feb 2024 08:52:52 +0000 (08:52 +0000)]
Image handling: separate between outout and input type, use Imagick on PNG
Tobias Diekershoff [Sat, 24 Feb 2024 17:56:11 +0000 (18:56 +0100)]
Merge pull request #13936 from annando/rounding
Round the load to two digits
Michael [Sat, 24 Feb 2024 17:37:30 +0000 (17:37 +0000)]
Round the load to two digits
Hypolite Petovan [Sat, 24 Feb 2024 16:03:48 +0000 (11:03 -0500)]
Merge pull request #13932 from annando/oembed-cleanup
Unused OEmbed functionality is removed
Michael [Sat, 24 Feb 2024 15:29:33 +0000 (15:29 +0000)]
Updated messages.po
Michael [Sat, 24 Feb 2024 15:11:27 +0000 (15:11 +0000)]
Use media link instead of proxy for pictures
Michael [Sat, 24 Feb 2024 13:56:12 +0000 (13:56 +0000)]
Fixed positive list
Michael Vogel [Sat, 24 Feb 2024 12:18:44 +0000 (13:18 +0100)]
Onepoll: Prevent errors with invalid mails (#13934)
Michael [Sat, 24 Feb 2024 11:56:55 +0000 (11:56 +0000)]
messages.po updated
Michael [Sat, 24 Feb 2024 11:54:35 +0000 (11:54 +0000)]
Merge remote-tracking branch 'upstream/2024.03-rc' into oembed-cleanup
Michael Vogel [Sat, 24 Feb 2024 11:40:19 +0000 (12:40 +0100)]
Merge pull request #13933 from annando/fix2
Accidentally merged changes are reverted
Michael [Sat, 24 Feb 2024 11:35:32 +0000 (11:35 +0000)]
Accidentally changes are reverted
Michael [Sat, 24 Feb 2024 11:01:44 +0000 (11:01 +0000)]
Merge branch '2024.03-rc' of https://github.com/friendica/friendica into 2024.03-rc
Michael [Sat, 24 Feb 2024 11:01:34 +0000 (11:01 +0000)]
OEmbed: Complete cleanup
Michael [Sat, 24 Feb 2024 10:58:18 +0000 (10:58 +0000)]
Unused OEmbed functionality is removed
Michael Vogel [Sat, 24 Feb 2024 08:39:31 +0000 (09:39 +0100)]
Merge pull request #13931 from MrPetovan/bug/13930-photo-preview-sizes
Increase API photo preview size for Mastodon API to 640
Hypolite Petovan [Fri, 23 Feb 2024 03:57:57 +0000 (22:57 -0500)]
Increase API photo preview size for Mastodon API to 640
Hypolite Petovan [Fri, 23 Feb 2024 03:57:20 +0000 (22:57 -0500)]
Remove photo user id fallback from 2021
- Remove deprecated /photos/{nickname} fallback routes
- The contact id fallback is a lie, there's no replacement feature
Hypolite Petovan [Thu, 22 Feb 2024 20:08:32 +0000 (15:08 -0500)]
Check form security token in /settings/userexport module (#13929)
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed to share an event as any other user after zeroing the cid field of an existing event
* Check form security token in /settings/userexport module
- Prevents basic XSS attacks against /settings/userexport/*
Hypolite Petovan [Thu, 22 Feb 2024 05:53:52 +0000 (00:53 -0500)]
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed to share an event as any other user after zeroing the cid field of an existing event
Michael Vogel [Wed, 21 Feb 2024 17:23:36 +0000 (18:23 +0100)]
Updated Bluesky logo (#13926)
Michael Vogel [Tue, 20 Feb 2024 06:11:26 +0000 (07:11 +0100)]
Issue 13909: Filter channels by network (#13924)
Michael Vogel [Tue, 20 Feb 2024 06:09:55 +0000 (07:09 +0100)]
Issue 13922: "voted" must not be null (#13923)
Hypolite Petovan [Mon, 19 Feb 2024 10:57:47 +0000 (05:57 -0500)]
Merge pull request #13921 from annando/content-type
Check for activity pub mime types
Michael Vogel [Mon, 19 Feb 2024 08:33:20 +0000 (09:33 +0100)]
Disallow mail addresses for registration (#13920)
* Disallow mail addresses for registration
* Order for allow/disallow has been changed
Michael [Mon, 19 Feb 2024 07:11:56 +0000 (07:11 +0000)]
Check for activity pub mime types
Michael Vogel [Mon, 19 Feb 2024 06:22:19 +0000 (07:22 +0100)]
Avoid problems with an empty domain in the blocklist (#13919)
* Avoid problems with an empty domain in the blocklist
* Test code removed
Michael Vogel [Mon, 19 Feb 2024 03:05:42 +0000 (04:05 +0100)]
Merge pull request #13918 from MrPetovan/bug/fixup-13911
Move Api\Mastodon\Instance\Extended to ExtendedDescription
Hypolite Petovan [Sun, 18 Feb 2024 23:48:37 +0000 (18:48 -0500)]
Clarify condition on offset in Mastodon\Search->searchStatuses
Hypolite Petovan [Sun, 18 Feb 2024 23:47:59 +0000 (18:47 -0500)]
Move Api\Mastodon\Instance\Extended to ExtendedDescription
- Add reference to Mastodon documentation
Michael Vogel [Sun, 18 Feb 2024 19:17:06 +0000 (20:17 +0100)]
Issue 13293: Endpoint /api/v1/accounts/lookup implemented (#13917)
Michael Vogel [Sun, 18 Feb 2024 19:09:56 +0000 (20:09 +0100)]
Issue #13899: Fix error on postupdate (#13915)
Michael Vogel [Sun, 18 Feb 2024 19:07:51 +0000 (20:07 +0100)]
Issue #13823: Fix "Mutes" endpoint (#13916)
Michael Vogel [Sun, 18 Feb 2024 14:54:21 +0000 (15:54 +0100)]
New channel "quiet sharers" for posts from lesser frequent posters (#13913)
Michael Vogel [Sun, 18 Feb 2024 14:52:30 +0000 (15:52 +0100)]
Fix API issues #13887, #13886, #13863, #13809, #13897 (#13911)
Michael Vogel [Sun, 18 Feb 2024 14:46:41 +0000 (15:46 +0100)]
Issue 13905: ostatus context added (#13912)
Michael Vogel [Sun, 18 Feb 2024 04:33:41 +0000 (05:33 +0100)]
Merge pull request #13908 from MrPetovan/bug/warnings
Avoid passing null bytes in regular expression in Object\Image
Hypolite Petovan [Sun, 18 Feb 2024 03:30:56 +0000 (22:30 -0500)]
Merge pull request #13907 from annando/fix-relations
Fix contact-relation follower calculation
Hypolite Petovan [Sun, 18 Feb 2024 03:27:37 +0000 (22:27 -0500)]
Avoid passing null bytes in regular expression in Object\Image
- Remove capturing expression for A|B in favor of bracket syntax in regular expression since matches aren't used.
- Regular expressions have their own character escape notation including backslashes that need to be escaped in a PHP string.
- Actually address https://github.com/friendica/friendica/issues/13761#issuecomment-
1949930922
Michael [Sat, 17 Feb 2024 21:56:56 +0000 (21:56 +0000)]
Merge remote-tracking branch 'upstream/2024.03-rc' into fix-relations
Michael [Sat, 17 Feb 2024 21:32:17 +0000 (21:32 +0000)]
Fix comtact-relation follower calculation
Michael Vogel [Sat, 17 Feb 2024 14:46:48 +0000 (15:46 +0100)]
Fix the handling of unhandled image types and of animations (#13904)
* Fix the handling of unhandled image types and of animations
* Avoid warnings
Michael [Sat, 17 Feb 2024 10:50:09 +0000 (10:50 +0000)]
Revert "Fix unhandled image detection"
This reverts commit
1069cfb57043ab4c9f202157488a85aca61289ee.
Michael [Sat, 17 Feb 2024 10:46:48 +0000 (10:46 +0000)]
Fix unhandled image detection
Michael Vogel [Sat, 17 Feb 2024 06:45:41 +0000 (07:45 +0100)]
Image handling reworked, new image formats added (#13900)
* Image handling reworked, new image formats added
* Updated messages.po
* The dot is now part of the file extension
* Added WebP in install documentation
* Handle unhandled mime types
* Fixed animated picture detected
Tobias Diekershoff [Wed, 14 Feb 2024 07:24:41 +0000 (08:24 +0100)]
bump version to 2024.03-rc
Michael Vogel [Tue, 13 Feb 2024 05:50:46 +0000 (06:50 +0100)]
Prevent users from following relay accounts (#13894)
Hypolite Petovan [Tue, 13 Feb 2024 04:55:01 +0000 (23:55 -0500)]
Merge pull request #13893 from annando/fix-relay-unsubscribe
Fixed relay detection on unsubscription
Michael [Tue, 13 Feb 2024 04:30:38 +0000 (04:30 +0000)]
Fixed relay detection on unsubscription
Hypolite Petovan [Tue, 13 Feb 2024 03:30:31 +0000 (22:30 -0500)]
Merge pull request #13892 from annando/no-preview-on-sensitive
Don't display preview images for links, when the post is marked as sensitive
Hypolite Petovan [Mon, 12 Feb 2024 20:28:04 +0000 (15:28 -0500)]
Merge pull request #13889 from annando/issue-13884
Issue 13884: Sanitation of links in BBCode parser
Michael [Mon, 12 Feb 2024 06:01:07 +0000 (06:01 +0000)]
Don't display preview images for links, when the post is marked as sensitive
Michael [Mon, 12 Feb 2024 05:40:09 +0000 (05:40 +0000)]
Link sanitation added to some more places
Michael [Mon, 12 Feb 2024 05:21:13 +0000 (05:21 +0000)]
Sanitize links before storing them
Michael [Mon, 12 Feb 2024 04:46:20 +0000 (04:46 +0000)]
urlencode for tags / fix smiley replacement
Michael [Mon, 12 Feb 2024 04:44:13 +0000 (04:44 +0000)]
Function renamed
Michael [Sun, 11 Feb 2024 12:05:31 +0000 (12:05 +0000)]
Issue 13884: Sanitation of links in BBCode parser
Michael Vogel [Sun, 11 Feb 2024 02:13:28 +0000 (03:13 +0100)]
Merge pull request #13880 from MrPetovan/bug/13878-deprecate-star-list
Deprecate use of [*] BBCode tag for list items in favor of [li]
Hypolite Petovan [Sat, 10 Feb 2024 16:13:16 +0000 (11:13 -0500)]
Merge pull request #13881 from annando/valid-object
Ckeck for host differences of fetched activities
Michael [Sat, 10 Feb 2024 11:46:42 +0000 (11:46 +0000)]
Updated messages.po
Michael [Sat, 10 Feb 2024 11:39:47 +0000 (11:39 +0000)]
Merge branch 'develop' of https://github.com/annando/friendica into develop
Michael [Sat, 10 Feb 2024 11:34:17 +0000 (11:34 +0000)]
Merge remote-tracking branch 'upstream/develop' into valid-object
Michael Vogel [Sat, 10 Feb 2024 08:50:49 +0000 (09:50 +0100)]
User setting to disable blurring of sensitive pictures (#13883)
Michael Vogel [Sat, 10 Feb 2024 08:31:58 +0000 (09:31 +0100)]
Merge pull request #13882 from tobiasd/
20240210-lng
update translations
Michael [Sat, 10 Feb 2024 08:27:54 +0000 (08:27 +0000)]
User setting to disable blurring of sensitive pictures
Tobias Diekershoff [Sat, 10 Feb 2024 07:57:19 +0000 (08:57 +0100)]
update translations
Michael Vogel [Sat, 10 Feb 2024 06:16:48 +0000 (07:16 +0100)]
Merge pull request #13879 from MrPetovan/bug/13877-fpostit-ssrf
Remove deprecated fpostit mod
Michael [Sat, 10 Feb 2024 04:58:11 +0000 (04:58 +0000)]
Ckeck for host differences of fetched objects
Hypolite Petovan [Sat, 10 Feb 2024 01:33:42 +0000 (20:33 -0500)]
Deprecate use of [*] BBCode tag for list items in favor of [li]
- It is conflicting with Markdown syntax
Hypolite Petovan [Sat, 10 Feb 2024 01:17:35 +0000 (20:17 -0500)]
Remove deprecated fpostit mod
- This feature allowed unauthenticated requests to arbitrary domains.
Hypolite Petovan [Wed, 7 Feb 2024 02:19:36 +0000 (21:19 -0500)]
Merge pull request #13876 from annando/sensitive2
Sensitive previews are now blurred
Michael [Tue, 6 Feb 2024 16:30:46 +0000 (16:30 +0000)]
"sensitive" is added to the API
Michael [Tue, 6 Feb 2024 16:15:58 +0000 (16:15 +0000)]
Sensitive previews are now blurred
Hypolite Petovan [Tue, 6 Feb 2024 10:54:26 +0000 (05:54 -0500)]
Merge pull request #13872 from friendica/issue-13845
Issue 13845: Support "sensitive" attribute
Michael [Tue, 6 Feb 2024 09:47:38 +0000 (09:47 +0000)]
Merge remote-tracking branch 'upstream/develop' into issue-13845
Hypolite Petovan [Tue, 6 Feb 2024 08:27:59 +0000 (03:27 -0500)]
Merge pull request #13874 from annando/media-card-post
Two new search options "media:card" and "media:post"
Michael [Tue, 6 Feb 2024 06:34:16 +0000 (06:34 +0000)]
We now use xonstants
Michael [Mon, 5 Feb 2024 22:21:58 +0000 (22:21 +0000)]
Two new search options "media:card" and "media:post"
Michael [Mon, 5 Feb 2024 22:17:43 +0000 (22:17 +0000)]
Merge remote-tracking branch 'upstream/develop' into issue-13845
Hypolite Petovan [Mon, 5 Feb 2024 20:20:23 +0000 (15:20 -0500)]
Merge pull request #13873 from annando/libpng
Possible fixes "libpng warning: Interlace handling should be turned on when using png_read_image"
Michael [Mon, 5 Feb 2024 18:16:47 +0000 (18:16 +0000)]
Possible fixes "libpng warning: Interlace handling should be turned on when using png_read_image"
Michael [Mon, 5 Feb 2024 12:21:57 +0000 (12:21 +0000)]
"sensitive" added to fierld list
Michael [Mon, 5 Feb 2024 06:31:08 +0000 (06:31 +0000)]
Merge remote-tracking branch 'upstream/develop' into issue-13845
Hypolite Petovan [Mon, 5 Feb 2024 04:29:38 +0000 (23:29 -0500)]
Merge pull request #13871 from annando/channel-network
Issue 13844: User defined channels based on the network
Michael [Sun, 4 Feb 2024 21:45:30 +0000 (21:45 +0000)]
Issue 13845: Support "sensitive" attribute
Michael [Sun, 4 Feb 2024 16:36:25 +0000 (16:36 +0000)]
Merge remote-tracking branch 'upstream/develop' into channel-network
Hypolite Petovan [Sun, 4 Feb 2024 14:18:02 +0000 (09:18 -0500)]
Merge pull request #13870 from annando/channel-languages
Fix: Saving of channel languages
Michael [Sun, 4 Feb 2024 07:14:57 +0000 (07:14 +0000)]
Issue 13844: User defined channels based on the network
Michael [Sat, 3 Feb 2024 11:06:05 +0000 (11:06 +0000)]
Additional revert
Michael [Sat, 3 Feb 2024 11:04:42 +0000 (11:04 +0000)]
Revert test changes / added saving of languages
Michael [Sat, 3 Feb 2024 11:01:17 +0000 (11:01 +0000)]
Fix: Saving of channel languages
Hypolite Petovan [Fri, 2 Feb 2024 17:18:11 +0000 (12:18 -0500)]
Merge pull request #13869 from annando/engagement-searchindex
Unify searchindex table with engagement table
Michael [Fri, 2 Feb 2024 16:05:24 +0000 (16:05 +0000)]
Search for tags and media in full text when doing full text searches
Michael [Fri, 2 Feb 2024 10:46:20 +0000 (10:46 +0000)]
"media" is added to the search text
Michael [Fri, 2 Feb 2024 07:05:39 +0000 (07:05 +0000)]
language field renamed to "language"
Michael [Thu, 1 Feb 2024 23:08:53 +0000 (23:08 +0000)]
Unify searchindex table with engagement table
Hypolite Petovan [Thu, 1 Feb 2024 21:48:55 +0000 (16:48 -0500)]
Merge pull request #13866 from annando/channel-reshare-privat
Channel relay reshares are now private follwers posts
Michael [Thu, 1 Feb 2024 19:41:35 +0000 (19:41 +0000)]
Merge remote-tracking branch 'upstream/develop' into channel-reshare-privat