This repository has been archived on 2024-07-22. You can view files and clone it, but cannot push or open issues or pull requests.
mastodon/app
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified (#20999)
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that https is required since #20304.

* missing do
2022-11-20 19:28:13 +01:00
chewy Change algorithm of `tootctl search deploy` to improve performance (#18463) 2022-05-22 22:16:43 +02:00
controllers Fix form-action CSP directive for external login (#20962) 2022-11-17 22:59:07 +01:00
helpers Add Scots to the supported locales (#20283) 2022-11-10 21:11:38 +01:00
javascript New Crowdin updates (#20759) 2022-11-17 21:59:15 +09:00
lib Fix emoji substitution not applying only to text nodes in backend code (#20641) 2022-11-14 20:26:21 +01:00
mailers Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
models Don't allow URLs that contain non-normalized paths to be verified (#20999) 2022-11-20 19:28:13 +01:00
policies Fix getting a single EmailDomainBlock (#20846) 2022-11-17 10:55:50 +01:00
presenters Change sign-in banner to reflect disabled or moved account status (#19773) 2022-11-05 18:28:13 +01:00
serializers Add maskable icon support for Android (#20904) 2022-11-17 10:52:30 +01:00
services Handle links with no href in VerifyLinkService (#20741) 2022-11-17 10:59:35 +01:00
validators Fix error when uploading malformed CSV import (#19509) 2022-10-28 23:30:44 +02:00
views Fix style for hashes (#20518) 2022-11-17 11:05:39 +01:00
workers Change incoming activity processing to happen in `ingress` queue (#20264) 2022-11-10 14:21:51 +01:00