Commit Graph

10 Commits

Author SHA1 Message Date
rinpatch 6ca709816f Fix object spoofing vulnerability in attachments
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948
2020-11-12 15:25:33 +03:00
lain 60e379ce0b User: Correctly handle whitespace names. 2020-10-23 13:53:01 +02:00
feld d6907e6e0c Merge branch 'chore/elixir-1.11' into 'develop'
Elixir 1.11 compatibility / Phoenix 1.5+

See merge request pleroma/pleroma!3059
2020-10-22 20:33:52 +00:00
Ivan Tashkinov 9ea31b373f Merge remote-tracking branch 'remotes/origin/develop' into chore/elixir-1.11 2020-10-17 17:53:47 +03:00
Egor Kislitsyn 3985c1b450
Fix warnings 2020-10-15 16:54:59 +04:00
lain 7a2f100061 ActivityPub: Show own replies to muted users.
Aligns mute with block behavior.
2020-10-15 12:28:25 +02:00
feld 2013705690 Merge branch 'feature/gen-magic' into 'develop'
Use libmagic via majic

Closes #1736

See merge request pleroma/pleroma!2534
2020-10-14 17:31:45 +00:00
Mark Felder 40f3cdc030 JPEG content_type must be image/jpeg 2020-10-13 10:37:24 -05:00
Mark Felder 409f694e4f Merge branch 'develop' into refactor/locked_user_field 2020-10-13 09:54:29 -05:00
Alexander Strizhakov 7dffaef479
tests consistency 2020-10-13 16:35:09 +03:00