Commit graph

421 commits

Author SHA1 Message Date
Oneric
9a91299f96 Don't try to handle non-media objects as media
Trying to display non-media as media crashed the renderer,
but when posting a status with a valid, non-media object id
the post was still created, but then crashed e.g. timeline rendering.
It also crashed C2S inbox reads, so this could not be used to leak
private posts.
2024-05-22 20:30:23 +02:00
Oneric
0c2b33458d Restrict media usage to owners
In Mastodon media can only be used by owners and only be associated with
a single post. We currently allow media to be associated with several
posts and until now did not limit their usage in posts to media owners.
However, media update and GET lookup was already limited to owners.
(In accordance with allowing media reuse, we also still allow GET
lookups of media already used in a post unlike Mastodon)

Allowing reuse isn’t problematic per se, but allowing use by non-owners
can be problematic if media ids of private-scoped posts can be guessed
since creating a new post with this media id will reveal the uploaded
file content and alt text.
Given media ids are currently just part of a sequentieal series shared
with some other objects, guessing media ids is with some persistence
indeed feasible.

E.g. sampline some public media ids from a real-world
instance with 112 total and 61 monthly-active users:

  17.465.096  at  t0
  17.472.673  at  t1 = t0 + 4h
  17.473.248  at  t2 = t1 + 20min

This gives about 30 new ids per minute of which most won't be
local media but remote and local posts, poll answers etc.
Assuming the default ratelimit of 15 post actions per 10s, scraping all
media for the 4h interval takes about 84 minutes and scraping the 20min
range mere 6.3 minutes. (Until the preceding commit, post updates were
not rate limited at all, allowing even faster scraping.)
If an attacker can infer (e.g. via reply to a follower-only post not
accessbile to the attacker) some sensitive information was uploaded
during a specific time interval and has some pointers regarding the
nature of the information, identifying the specific upload out of all
scraped media for this timerange is not impossible.

Thus restrict media usage to owners.

Checking ownership just in ActivitDraft would already be sufficient,
since when a scheduled status actually gets posted it goes through
ActivityDraft again, but would erroneously return a success status
when scheduling an illegal post.

Independently discovered and fixed by mint in Pleroma
1afde067b1
2024-05-22 20:30:18 +02:00
Oneric
94e9c8f48a Purge unused media description update on post
In MastoAPI media descriptions are updated via the
media update API not upon post creation or post update.

This functionality was originally added about 6 years ago in
ba93396649 which was part of
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/626 and
https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/450.
They introduced image descriptions to the front- and backend,
but predate adoption of Mastodon API.

For a while adding an `descriptions` array on post creation might have
continued to work as an undocumented Pleroma extension to Masto API, but
at latest when OpenAPI specs were added for those endpoints four years
ago in 7803a85d2c, these codepaths ceased
to be used. The API specs don’t list a `descriptions` parameter and
any unknown parameters are stripped out.

The attachments_from_ids function is only called from
ScheduledActivity and ActivityDraft.create with the latter
only being called by CommonAPI.{post,update} whihc in turn
are only called from ScheduledActivity again, MastoAPI controller
and without any attachment or description parameter WelcomeMessage.
Therefore no codepath can contain a descriptions parameter.
2024-05-22 20:18:08 +02:00
Oneric
873aa9da1c activity_draft: mark new/2 as private 2024-05-22 20:18:08 +02:00
FloatingGhost
98cb255d12 Support elixir1.15
OTP builds to 1.15

Changelog entry

Ensure policies are fully loaded

Fix :warn

use main branch for linkify

Fix warn in tests

Migrations for phoenix 1.17

Revert "Migrations for phoenix 1.17"

This reverts commit 6a3b2f15b74ea5e33150529385215b7a531f3999.

Oban upgrade

Add default empty whitelist

mix format

limit test to amd64

OTP 26 tests for 1.15

use OTP_VERSION tag

baka

just 1.15

Massive deps update

Update locale, deps

Mix format

shell????

multiline???

?

max cases 1

use assert_recieve

don't put_env in async tests

don't async conn/fs tests

mix format

FIx some uploader issues

Fix tests
2023-08-03 17:44:09 +01:00
tusooa
3095251e6c Dedupe poll options 2023-06-14 22:45:19 +00:00
ilja
b4952a81fe Interpret \n as newline for MFM
Markdown doesn't generally consider `\n` a newline,
but Misskey does for MFM.

Now we do to for MFM (and not for Markdown) :)
2023-02-18 19:56:11 +01:00
FloatingGhost
78c44f31ca fix no-language-specified federation 2023-01-11 15:25:34 +00:00
FloatingGhost
f86bf16430 Add language support on /api/v1/statuses 2023-01-10 10:29:17 +00:00
darkkirb
a8cd859ef9 Use actual ISO8601 timestamps for masto API (#425)
Some users post posts with spoofed timestamp, and some clients will have issues with certain dates. Tusky for example crashes if the date is any sooner than 1 BCE (“year zero” in the representation).

I limited the range of what is considered a valid date to be somewhere between the years 1583 and 9999 (inclusive).

The numbers have been chosen because:

- ISO 8601 only allows years before 1583 with “mutual agreement”
- Years after 9999 could cause issues with certain clients as well

Co-authored-by: Charlotte 🦝 Delenk <lotte@chir.rs>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/425
Co-authored-by: darkkirb <lotte@chir.rs>
Co-committed-by: darkkirb <lotte@chir.rs>
2023-01-09 22:12:28 +00:00
ilja
745e15468e Use same context for quote posts as the post that's being quoted (#379)
See https://akkoma.dev/AkkomaGang/akkoma/pulls/350#issuecomment-6109

When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg>.

An example from Akkoma:

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/379
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-31 18:09:27 +00:00
floatingghost
9be6caf125 argon2 password hashing (#406)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/406
2022-12-30 02:46:58 +00:00
floatingghost
2641dcdd15 Post editing (#202)
Rebased from #103

Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/202
2022-09-06 19:24:02 +00:00
floatingghost
e9f1897cfd parser MFM server-side (#172)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/172
2022-08-18 03:14:48 +00:00
floatingghost
62e179f446 make conversation-id deterministic (#154)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/154
2022-08-06 20:59:15 +00:00
floatingghost
19a27ff006 allow small/center tags in misskeymarkdown (#132)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/132
2022-08-01 12:46:52 +00:00
floatingghost
1419eee5df Quote posting (#113)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/113
2022-07-25 16:30:06 +00:00
FloatingGhost
cf0ad02ea9 Remove scrobbling support 2022-07-19 15:07:45 +01:00
floatingghost
5ad256f170 [#58] pre-link MFM content (#59)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/59
2022-07-10 17:06:25 +00:00
FloatingGhost
0627da0027 mix format 2022-06-14 16:25:28 +01:00
FloatingGhost
4fb2251221 Allow authoring MFM 2022-06-14 15:56:12 +01:00
Haelwenn
773708cfe8 Merge branch 'builder-note' into 'develop'
CommonAPI.Utils.make_note_data/1 --> ActivityPub.Builder.note/1

See merge request pleroma/pleroma!3511
2021-08-14 18:32:40 +00:00
Alex Gleason
ba6049aa81
Builder.note/1: return {:ok, map(), keyword()} like other Builder functions 2021-08-14 11:24:55 -05:00
Alex Gleason
a2eacfc525
CommonAPI.Utils.make_note_data/1 --> ActivityPub.Builder.note/1 2021-08-14 11:01:06 -05:00
Haelwenn (lanodan) Monnier
436fac3bac
maybe_notify_subscribers: Don't create notifications from ingested messages 2021-08-11 20:49:38 +02:00
Alex Gleason
b99f60615c Fix order of Pleroma.Web.Utils.Params aliases 2021-06-08 12:50:47 -05:00
Alex Gleason
ec65b7ae29 Pleroma.Web.Params --> Pleroma.Web.Utils.Params 2021-06-08 12:50:47 -05:00
Alex Gleason
0877b120c3 Pleroma.Web.ControllerHelper.truthy_param?/1 --> Pleroma.Web.Params.truthy_param?/1
Breaks cycle in lib/pleroma/web/api_spec/operations/status_operation.ex
2021-06-08 12:50:47 -05:00
Alex Gleason
c435de426d
Merge remote-tracking branch 'pleroma/develop' into cycles-constants 2021-06-01 11:33:11 -05:00
Alex Gleason
10dfe81479
Pleroma.Constants.as_local_public/0 --> Pleroma.Web.ActivityPub.Utils.as_local_public/0
Move as_local_public/0 to stop making modules depend on Web at compile-time
2021-05-31 13:39:15 -05:00
Alex Gleason
52fc59f125
Merge remote-tracking branch 'upstream/develop' into earmark 2021-04-30 13:17:03 -05:00
Alex Gleason
6727a3659f
Remove Pleroma.Formatter.minify/2 2021-04-30 12:27:06 -05:00
rinpatch
d3660b24d3 Copy emoji in the subject from parent post
Sometimes people put emoji in the subject, which results in the subject
looking broken if someone replies to it from a server that does not
have the said emoji under the same shortcode. This patch solves the problem
by extending the emoji set available in the summary to that of the parent
post.
2021-03-22 21:20:47 +03:00
rinpatch
f930e83fa2 Merge branch 'fix/remove_auto_nsfw' into 'develop'
Remove sensitive setting #nsfw

See merge request pleroma/pleroma!3223
2021-03-19 08:48:22 +00:00
Mark Felder
b1e1db82bc Store application details in the object under the generator key, not application key 2021-03-01 11:29:10 -06:00
Haelwenn (lanodan) Monnier
3bc7d12271
Remove sensitive-property setting #nsfw, create HashtagPolicy 2021-02-27 21:26:17 +01:00
Mark Felder
3dc7e89c54 Ensure we capture the application details into the object 2021-02-09 18:07:15 -06:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain
e1e7e4d379 Object: Rework how Object.normalize works
Now it defaults to not fetching, and the option is named.
2021-01-04 13:38:31 +01:00
Haelwenn
3966add048 Revert "Merge branch 'features/hashtag-column' into 'develop'"
This reverts merge request !2824
2020-12-28 12:02:16 +00:00
Haelwenn (lanodan) Monnier
acb03d591b
Insert text representation of hashtags into object["hashtags"]
Includes a new mix task: pleroma.database fill_old_hashtags
2020-12-22 05:15:34 +01:00
Alex Gleason
f8c93246d6 Refactor Earmark code, fix tests 2020-12-11 17:22:42 -06:00
Alex Gleason
e9e17e5df3 Upgrade Earmark to v1.4.10 2020-12-11 17:22:17 -06:00
Egor Kislitsyn
af3f00292c
Fix formatting 2020-11-11 19:12:46 +04:00
Egor Kislitsyn
0118ccb53c
Add local visibility 2020-11-11 18:54:01 +04:00
minibikini
1bfd8528bb Merge branch 'develop' into 'feature/local-only-scope'
# Conflicts:
#   CHANGELOG.md
2020-10-27 18:59:19 +00:00
Egor Kislitsyn
2a475622ee
Add Pleroma.Constants.as_local_public/0 2020-10-15 19:07:00 +04:00
Egor Kislitsyn
4f79bbbc31
Add local-only statuses 2020-10-15 18:37:44 +04:00
Mark Felder
64553ebae2 Merge branch 'develop' into chore/elixir-1.11 2020-10-13 09:54:53 -05:00
Alexander Strizhakov
9f4fe5485b
alias alphabetically order 2020-10-13 16:43:59 +03:00