| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| | |
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/1059
Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
|
| | | |
|
| |/ |
|
| | |
|
| |\ |
|
| | | |
|
| | | |
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
メールアドレスの形式が正しくなければ以降の処理を行わないように (#15320)
* Mod: バリデーションを追加
* 条件の修正
notつけわすれ
* Update CHANGELOG.md
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
モジュールが使用されている場所がある問題 (#15248)
* fix: punycode.js が使用されていない場所がある問題
* fix: use punycode/punycode.js on backend
* fix: use punycode/punycode.es6.js on backend
* fix: d.ts missing declare keyword
* chore: don't use punycode.js on backend
* update pnpm-lock.yaml
* chore: remove punycode.d.ts
* chore: use punycode.js instead of punycode npm package
* chore: bump psl to 1.15.0
* chore: bump nsfwjs to 4.2.0
4.2.1 is not usable because of https://github.com/infinitered/nsfwjs/issues/904
* chore: prevent loading node-fetch from tensorflow
* chore: DOMWindow['document'] => Document
IDK why DOMWindow['document'] fails, but might be related to tsc internal complexity limit
* fix: disable --trace-deprecation
---------
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| |\ \ |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
CenTdemeern1 had told me, but I got it wrong ☹
|
| | | |
| | |
| | |
| | | |
thanks to CenTdemeern1 for the `import` incantation
|
| | | | |
|
| |\ \ \
| |/ /
|/| /
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* enhance: Add a few validation fixes from Sharkey
See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484
Co-Authored-By: Dakkar <dakkar@thenautilus.net>
* fix: primitive 2: acceptance of cross-origin alternate
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 3: validation of non-final url
* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities
* fix: primitives 5 & 8: reject activities with non
string identifiers
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 6: reject anonymous objects that were fetched by their id
* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections
* fix: code style for primitive 14
* fix: primitive 15: improper same-origin validation for
note uri and url
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 16: improper same-origin validation for user uri and url
* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array
* fix: code style for primitive 17
* fix: check attribution against actor in notes
While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.
* fix: primitive 18: `ap/get` bypasses access checks
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
* fix: primitive 19 & 20: respect blocks and hide more
Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.
* fix: primitives 21, 22, and 23: reuse resolver
This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.
* fix: primitives 25-33: proper local instance checks
* revert: fix: primitive 19 & 20
This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.
---------
Co-authored-by: Dakkar <dakkar@thenautilus.net>
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| | | |
|
| |\| |
|
| | | |
|
| | |
| |
| |
| | |
that is, silencing `foo.com` also silences `sub.foo.com`
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* feat: media silence
* fix: lint
* feat: deny creating custom emoji reaction and using custom emoji from media silenced hosts
* chore: メディアサイレンスの説明にカスタム絵文字の話を追加
* Update locales/ja-JP.yml
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
* chore: update index.d.ts
* docs(changelog): update changelog
---------
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* enhance: 禁止ワードチェック強化
* リモートの禁止ワードチェックを添付ファイルとユーザーを登録する前に行うなど
Resolve https://github.com/misskey-dev/misskey/issues/13374
* 禁止ワートの対象の見直し
* performActivityで特定のエラーが出た際にDelayedに追加しないように
* use IdentifiableError
* NoteCreateService.checkProhibitedWords
* https://github.com/misskey-dev/misskey-private/pull/27/files#r1507416135
* remove comment
|
| | | |
|
| |/ |
|
| |
|
|
| |
Fix #13290
|
| |
|
|
| |
This reverts commit 9b5aeb76d8c9372d67058c512597152b6bf222f2.
|
| | |
|
| |
|
|
|
|
|
| |
特定文字列を含むノートを投稿できないようにする管理画面用設定項目を追加 (#13210)
* fix: 特定文字列を含むノートを投稿できないようにする管理画面用設定項目を追加
* Serviceでチェックするように変更
|
| |
|
|
| |
センシティブワードの設定がハッシュタグトレンドにも適用されるように
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* feat : サーバーサイレンスを追加
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update locale
* Update instance-info.vue
* update misskey-js.api.md
* lint fix
* migration fix
* 既存のものを使うように
* fix
* 色々直した
* Update packages/frontend/src/pages/admin/instance-block.vue
* Update packages/frontend/src/pages/admin/instance-block.vue
* Update packages/frontend/src/components/MkInstanceCardMini.vue
* Update packages/backend/src/core/entities/InstanceEntityService.ts
* Update packages/backend/src/core/entities/InstanceEntityService.ts
* Update packages/backend/src/core/entities/InstanceEntityService.ts
* Update packages/backend/src/core/UserFollowingService.ts
* Update packages/backend/src/core/UserFollowingService.ts
* fix: サイレンスされてるサーバーからの投稿は全部ホームにする
* fix: undefinedでfalseを返すようにした
---------
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
著作権とライセンスについての情報を各ファイルに追加する (#11348)
* chore: Add the SPDX information to each file
Add copyright and licensing information as defined in version 3.0 of
the REUSE Specification.
* tweak format
---------
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* TypeScriptでendsWith
* fix
* SQL?
* バ〜カアホ
* Update packages/backend/src/core/UtilityService.ts
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
* add comment
* add description
* Update packages/backend/src/core/UtilityService.ts
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
* Update packages/backend/src/core/chart/charts/federation.ts
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
* remove comment
* fix
* fix?
* add changelog
* ILIKE, ARRAY
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
|
| | |
|
| | |
|
| |
|
