akkoma/lib/pleroma
Oneric 96fe080e6e Convert all raw :zip usage to SafeZip
Notably at least two instances were not properly guarded from path
traversal attack before and are only now fixed by using SafeZip:

 - frontend installation never checked for malicious paths.
   But given a malicious frontend could already, e.g. steal
   all user tokens even without this, in the real world
   admins should only use frontends from trusted sources
   and the practical implications are minimal

 - the emoji pack update/upload API taking a ZIP file
   did not protect against path traversal. While atm
   only admins can use these emoji endpoints, emoji
   packs are typically considered "harmless" and used
   without prior verification from various sources.
   Thus this appears more concerning.
2025-02-14 22:10:25 +01:00
activity Fix tests 2024-06-09 18:28:00 +01:00
akkoma Add MRFs for direct message manipulation 2023-05-22 23:53:44 +01:00
captcha
collections Don't return garbage on failed collection fetches 2025-02-14 18:49:51 +01:00
config Remove proxy_remote vestiges 2024-06-16 01:21:52 +02:00
conversation
docs backend-i18n (#121) 2022-07-27 21:56:59 +00:00
ecto_type recipients fixes/hardening for CreateGenericValidator 2021-04-05 19:19:11 +02:00
emails Set customize_hostname_check for Swoosh.Adapters.SMTP 2024-12-18 14:37:27 -05:00
emoji Convert all raw :zip usage to SafeZip 2025-02-14 22:10:25 +01:00
helpers giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
http Add pool timeouts 2024-06-09 17:20:29 +01:00
instances nodeinfo: lower log level of regular actions to debug 2025-01-07 20:27:28 +01:00
mfa
migration_helper purge chat and shout endpoints 2022-07-21 11:29:28 +01:00
migrators Support elixir1.15 2023-08-03 17:44:09 +01:00
object Merge remote-tracking branch 'oneric/varfixes' into develop 2024-10-30 15:15:00 +00:00
password
reverse_proxy giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
search Don't create noop SearchIndexingWorker jobs for passive index 2025-01-07 20:27:27 +01:00
tests Fix compile cycle in Pleroma.Tests.AuthTestController 2021-06-09 13:30:19 -05:00
upload strip_metadata: skip BMP files 2024-06-27 18:29:45 +02:00
uploaders Use finch everywhere (#33) 2022-07-04 16:30:38 +00:00
user Convert all raw :zip usage to SafeZip 2025-02-14 22:10:25 +01:00
web Migrate back to upstream Plug.Static 2025-02-14 22:10:25 +01:00
workers receiver_worker: log processes crashes 2025-02-14 18:46:19 +01:00
activity.ex meilisearch: respect meili’s result ranking 2024-05-29 23:17:27 +00:00
announcement.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
announcement_read_relationship.ex Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' (#85) 2022-07-18 13:08:36 +00:00
application.ex fix oembed test 2024-06-09 21:17:12 +01:00
application_requirements.ex Rename StripLocation to StripMetadata for temporal-proofing reasons 2024-04-16 20:37:00 +02:00
bookmark.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
caching.ex
captcha.ex
clippy.ex
config.ex
config_db.ex Do not crash on invalid atom in configDB 2022-12-21 00:16:39 +00:00
constants.ex Don't try to handle non-media objects as media 2024-05-22 20:30:23 +02:00
conversation.ex
counter_cache.ex
data_migration.ex
delivery.ex
ecto_enums.ex v2 Suggestions: dismiss a suggestion 2021-11-26 20:19:29 -06:00
emoji-test.txt emoji-test: update to latest 15.0 draft 2022-09-11 19:55:45 +01:00
emoji.ex Remove _misskey_reaction matching (#500) 2023-03-10 18:46:49 +00:00
filter.ex
following_relationship.ex paginate follow requests (#460) 2023-02-04 20:51:17 +00:00
formatter.ex Interpret \n as newline for MFM 2023-02-18 19:56:11 +01:00
frontend.ex Convert all raw :zip usage to SafeZip 2025-02-14 22:10:25 +01:00
hashtag.ex Remerge of hashtag following (#341) 2022-12-05 12:58:48 +00:00
healthcheck.ex
html.ex Fix tests 2024-06-09 18:28:00 +01:00
http.ex Convert rich media backfill to oban task 2024-06-11 18:06:51 +01:00
instances.ex Add Signed Fetch Statistics (#312) 2022-11-26 19:22:56 +00:00
iso639.ex Add language support on /api/v1/statuses 2023-01-10 10:29:17 +00:00
job_queue_monitor.ex Use fully qualified function capture for telemetry event 2024-02-12 01:59:18 +01:00
jwt.ex
list.ex
logging.ex
maintenance.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
maps.ex
marker.ex
mfa.ex
moderation_log.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
notification.ex Require related object for notifications to filter on content 2023-06-14 19:41:48 +00:00
object.ex cosmetic/object: drop is_ prefix from is_tombstone_object? 2025-02-14 22:10:25 +01:00
object_tombstone.ex
otp_version.ex
pagination.ex Add /api/v1/followed_tags 2022-12-31 18:09:34 +00:00
password.ex update references to pleroma in docs 2022-12-30 03:43:35 +00:00
password_reset_token.ex
prometheus_exporter.ex Use a genserver to periodically fetch metrics 2023-01-01 18:32:14 +00:00
registration.ex
release_tasks.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
repo.ex Remove instrumentors (#98) 2022-07-21 11:32:17 +00:00
report_note.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
reverse_proxy.ex Sanitise Content-Type of media proxy URLs 2024-03-18 22:33:10 -01:00
safe_zip.ex Add SafeZip module 2025-02-14 22:10:25 +01:00
scheduled_activity.ex Restrict media usage to owners 2024-05-22 20:30:18 +02:00
search.ex Don't try removing deleted users and such from index as posts 2022-06-29 20:49:45 +01:00
signature.ex standardise local key id generation 2024-10-30 12:44:01 +00:00
stats.ex stats: estimate remote user count 2025-01-07 20:27:28 +01:00
thread_mute.ex
upload.ex Drop activity_type override for uploads 2024-05-22 20:30:23 +02:00
user.ex user: avoid database work on superfluous pin 2025-01-07 20:27:28 +01:00
user_invite_token.ex
user_note.ex Make UserNote comment default to the empty string. 2023-04-27 05:22:12 +00:00
user_relationship.ex fix flaky test_user_relationship_test.exs:81 2022-10-23 13:31:01 +02:00
utils.ex extend custom runtime system (#108) 2022-07-24 16:42:43 +00:00
web.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
xml_builder.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00