From a87843693b87f24c7217e5dd7e0823835732687c Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 8 Dec 2019 16:36:22 +0300 Subject: [PATCH 1/9] Fix never matching clause `length/1` is only used with lists. --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 1c67fee2e..e925aae2f 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -416,7 +416,7 @@ def handle_incoming(%{"type" => "Flag", "object" => objects, "actor" => actor} = def handle_incoming(%{"id" => nil}, _options), do: :error def handle_incoming(%{"id" => ""}, _options), do: :error # length of https:// = 8, should validate better, but good enough for now. - def handle_incoming(%{"id" => id}, _options) when not (is_binary(id) and length(id) > 8), + def handle_incoming(%{"id" => id}, _options) when is_binary(id) and byte_size(id) < 8, do: :error # TODO: validate those with a Ecto scheme From f486556346fd078956fb0a13f65b255904e2af83 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Fri, 3 Jan 2020 16:21:52 +0300 Subject: [PATCH 2/9] fixed Metadata.Utils.scrub_html_and_truncate --- lib/pleroma/web/metadata/utils.ex | 2 ++ test/web/metadata/utils_test.exs | 32 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 test/web/metadata/utils_test.exs diff --git a/lib/pleroma/web/metadata/utils.ex b/lib/pleroma/web/metadata/utils.ex index 720bd4519..e1ad402bc 100644 --- a/lib/pleroma/web/metadata/utils.ex +++ b/lib/pleroma/web/metadata/utils.ex @@ -14,6 +14,7 @@ def scrub_html_and_truncate(%{data: %{"content" => content}} = object) do |> String.replace(~r//, " ") |> HTML.get_cached_stripped_html_for_activity(object, "metadata") |> Formatter.demojify() + |> HtmlEntities.decode() |> Formatter.truncate() end @@ -24,6 +25,7 @@ def scrub_html_and_truncate(content, max_length \\ 200) when is_binary(content) |> String.replace(~r//, " ") |> HTML.strip_tags() |> Formatter.demojify() + |> HtmlEntities.decode() |> Formatter.truncate(max_length) end diff --git a/test/web/metadata/utils_test.exs b/test/web/metadata/utils_test.exs new file mode 100644 index 000000000..7547f2932 --- /dev/null +++ b/test/web/metadata/utils_test.exs @@ -0,0 +1,32 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Metadata.UtilsTest do + use Pleroma.DataCase + import Pleroma.Factory + alias Pleroma.Web.Metadata.Utils + + describe "scrub_html_and_truncate/1" do + test "it returns text without encode HTML" do + user = insert(:user) + + note = + insert(:note, %{ + data: %{ + "actor" => user.ap_id, + "id" => "https://pleroma.gov/objects/whatever", + "content" => "Pleroma's really cool!" + } + }) + + assert Utils.scrub_html_and_truncate(note) == "Pleroma's really cool!" + end + end + + describe "scrub_html_and_truncate/2" do + test "it returns text without encode HTML" do + assert Utils.scrub_html_and_truncate("Pleroma's really cool!") == "Pleroma's really cool!" + end + end +end From 40727b28a74f64cfe7b3feb5d54fe71199194a7e Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 14 Sep 2019 16:39:42 +0000 Subject: [PATCH 3/9] Merge branch 'fix/truncate-remote-user-fields' into 'develop' Truncate remote user fields See merge request pleroma/pleroma!1619 --- lib/pleroma/user.ex | 16 ++++++++- lib/pleroma/user/info.ex | 17 ++++++++++ test/user_test.exs | 73 +++++++++++++++++++++++++++++----------- 3 files changed, 85 insertions(+), 21 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index f5d3245dc..1f5a47e05 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -177,11 +177,25 @@ def following_count(%User{} = user) do |> Repo.aggregate(:count, :id) end + defp truncate_if_exists(params, key, max_length) do + if Map.has_key?(params, key) and is_binary(params[key]) do + {value, _chopped} = String.split_at(params[key], max_length) + Map.put(params, key, value) + else + params + end + end + def remote_user_creation(params) do bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000) name_limit = Pleroma.Config.get([:instance, :user_name_length], 100) - params = Map.put(params, :info, params[:info] || %{}) + params = + params + |> Map.put(:info, params[:info] || %{}) + |> truncate_if_exists(:name, name_limit) + |> truncate_if_exists(:bio, bio_limit) + info_cng = User.Info.remote_user_creation(%User.Info{}, params[:info]) changes = diff --git a/lib/pleroma/user/info.ex b/lib/pleroma/user/info.ex index 779bfbc18..151e025de 100644 --- a/lib/pleroma/user/info.ex +++ b/lib/pleroma/user/info.ex @@ -242,6 +242,13 @@ def set_keys(info, keys) do end def remote_user_creation(info, params) do + params = + if Map.has_key?(params, :fields) do + Map.put(params, :fields, Enum.map(params[:fields], &truncate_field/1)) + else + params + end + info |> cast(params, [ :ap_enabled, @@ -326,6 +333,16 @@ defp valid_field?(%{"name" => name, "value" => value}) do defp valid_field?(_), do: false + defp truncate_field(%{"name" => name, "value" => value}) do + {name, _chopped} = + String.split_at(name, Pleroma.Config.get([:instance, :account_field_name_length], 255)) + + {value, _chopped} = + String.split_at(value, Pleroma.Config.get([:instance, :account_field_value_length], 255)) + + %{"name" => name, "value" => value} + end + @spec confirmation_changeset(Info.t(), keyword()) :: Changeset.t() def confirmation_changeset(info, opts) do need_confirmation? = Keyword.get(opts, :need_confirmation) diff --git a/test/user_test.exs b/test/user_test.exs index 90c62ba31..3582b193d 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -570,22 +570,6 @@ test "it has required fields" do refute cs.valid? end) end - - test "it restricts some sizes" do - bio_limit = Pleroma.Config.get([:instance, :user_bio_length], 5000) - name_limit = Pleroma.Config.get([:instance, :user_name_length], 100) - - [bio: bio_limit, name: name_limit] - |> Enum.each(fn {field, size} -> - string = String.pad_leading(".", size) - cs = User.remote_user_creation(Map.put(@valid_remote, field, string)) - assert cs.valid? - - string = String.pad_leading(".", size + 1) - cs = User.remote_user_creation(Map.put(@valid_remote, field, string)) - refute cs.valid? - end) - end end describe "followers and friends" do @@ -1117,11 +1101,60 @@ test "get_public_key_for_ap_id fetches a user that's not in the db" do assert {:ok, _key} = User.get_public_key_for_ap_id("http://mastodon.example.org/users/admin") end - test "insert or update a user from given data" do - user = insert(:user, %{nickname: "nick@name.de"}) - data = %{ap_id: user.ap_id <> "xxx", name: user.name, nickname: user.nickname} + describe "insert or update a user from given data" do + test "with normal data" do + user = insert(:user, %{nickname: "nick@name.de"}) + data = %{ap_id: user.ap_id <> "xxx", name: user.name, nickname: user.nickname} - assert {:ok, %User{}} = User.insert_or_update_user(data) + assert {:ok, %User{}} = User.insert_or_update_user(data) + end + + test "with overly long fields" do + current_max_length = Pleroma.Config.get([:instance, :account_field_value_length], 255) + user = insert(:user, nickname: "nickname@supergood.domain") + + data = %{ + ap_id: user.ap_id, + name: user.name, + nickname: user.nickname, + info: %{ + fields: [ + %{"name" => "myfield", "value" => String.duplicate("h", current_max_length + 1)} + ] + } + } + + assert {:ok, %User{}} = User.insert_or_update_user(data) + end + + test "with an overly long bio" do + current_max_length = Pleroma.Config.get([:instance, :user_bio_length], 5000) + user = insert(:user, nickname: "nickname@supergood.domain") + + data = %{ + ap_id: user.ap_id, + name: user.name, + nickname: user.nickname, + bio: String.duplicate("h", current_max_length + 1), + info: %{} + } + + assert {:ok, %User{}} = User.insert_or_update_user(data) + end + + test "with an overly long display name" do + current_max_length = Pleroma.Config.get([:instance, :user_name_length], 100) + user = insert(:user, nickname: "nickname@supergood.domain") + + data = %{ + ap_id: user.ap_id, + name: String.duplicate("h", current_max_length + 1), + nickname: user.nickname, + info: %{} + } + + assert {:ok, %User{}} = User.insert_or_update_user(data) + end end describe "per-user rich-text filtering" do From 1e74bbc4950768fa9af027034c46380487b336c0 Mon Sep 17 00:00:00 2001 From: Haelwenn Date: Wed, 29 Jan 2020 20:21:32 +0000 Subject: [PATCH 4/9] Merge branch 'fix-streaming-reblog' into 'develop' Streamer: Correctly handle reblog mutes Closes #1129 and #1438 See merge request pleroma/pleroma!2156 --- lib/pleroma/web/streamer/worker.ex | 3 +- test/web/streamer/streamer_test.exs | 97 +++++++++++++++++++---------- 2 files changed, 66 insertions(+), 34 deletions(-) diff --git a/lib/pleroma/web/streamer/worker.ex b/lib/pleroma/web/streamer/worker.ex index da7a5a6f2..1e7da4852 100644 --- a/lib/pleroma/web/streamer/worker.ex +++ b/lib/pleroma/web/streamer/worker.ex @@ -137,8 +137,9 @@ defp should_send?(%User{} = user, %Activity{} = item) do domain_blocks = Pleroma.Web.ActivityPub.MRF.subdomains_regex(user.info.domain_blocks) with parent <- Object.normalize(item) || item, - true <- Enum.all?([blocks, mutes, reblog_mutes], &(item.actor not in &1)), + true <- Enum.all?([blocks, mutes], &(item.actor not in &1)), true <- Enum.all?([blocks, mutes], &(parent.data["actor"] not in &1)), + true <- item.data["type"] != "Announce" || item.actor not in reblog_mutes, true <- MapSet.disjoint?(recipients, recipient_blocks), %{host: item_host} <- URI.parse(item.actor), %{host: parent_host} <- URI.parse(parent.data["actor"]), diff --git a/test/web/streamer/streamer_test.exs b/test/web/streamer/streamer_test.exs index 601f6df49..4818f4c4e 100644 --- a/test/web/streamer/streamer_test.exs +++ b/test/web/streamer/streamer_test.exs @@ -60,6 +60,9 @@ test "it doesn't send notify to the 'user:notification' stream when a user is bl blocked = insert(:user) {:ok, user} = User.block(user, blocked) + {:ok, activity} = CommonAPI.post(user, %{"status" => ":("}) + {:ok, notif, _} = CommonAPI.favorite(activity.id, blocked) + task = Task.async(fn -> refute_receive {:text, _}, 4_000 end) Streamer.add_socket( @@ -67,9 +70,6 @@ test "it doesn't send notify to the 'user:notification' stream when a user is bl %{transport_pid: task.pid, assigns: %{user: user}} ) - {:ok, activity} = CommonAPI.post(user, %{"status" => ":("}) - {:ok, notif, _} = CommonAPI.favorite(activity.id, blocked) - Streamer.stream("user:notification", notif) Task.await(task) end @@ -78,6 +78,11 @@ test "it doesn't send notify to the 'user:notification' stream when a thread is user: user } do user2 = insert(:user) + + {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"}) + {:ok, activity} = CommonAPI.add_mute(user, activity) + {:ok, notif, _} = CommonAPI.favorite(activity.id, user2) + task = Task.async(fn -> refute_receive {:text, _}, 4_000 end) Streamer.add_socket( @@ -85,9 +90,6 @@ test "it doesn't send notify to the 'user:notification' stream when a thread is %{transport_pid: task.pid, assigns: %{user: user}} ) - {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"}) - {:ok, activity} = CommonAPI.add_mute(user, activity) - {:ok, notif, _} = CommonAPI.favorite(activity.id, user2) Streamer.stream("user:notification", notif) Task.await(task) end @@ -96,6 +98,11 @@ test "it doesn't send notify to the 'user:notification' stream' when a domain is user: user } do user2 = insert(:user, %{ap_id: "https://hecking-lewd-place.com/user/meanie"}) + + {:ok, user} = User.block_domain(user, "hecking-lewd-place.com") + {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"}) + {:ok, notif, _} = CommonAPI.favorite(activity.id, user2) + task = Task.async(fn -> refute_receive {:text, _}, 4_000 end) Streamer.add_socket( @@ -103,10 +110,6 @@ test "it doesn't send notify to the 'user:notification' stream' when a domain is %{transport_pid: task.pid, assigns: %{user: user}} ) - {:ok, user} = User.block_domain(user, "hecking-lewd-place.com") - {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"}) - {:ok, notif, _} = CommonAPI.favorite(activity.id, user2) - Streamer.stream("user:notification", notif) Task.await(task) end @@ -257,6 +260,8 @@ test "it doesn't send messages involving blocked users" do blocked_user = insert(:user) {:ok, user} = User.block(user, blocked_user) + {:ok, activity} = CommonAPI.post(blocked_user, %{"status" => "Test"}) + task = Task.async(fn -> refute_receive {:text, _}, 1_000 @@ -267,8 +272,6 @@ test "it doesn't send messages involving blocked users" do user: user } - {:ok, activity} = CommonAPI.post(blocked_user, %{"status" => "Test"}) - topics = %{ "public" => [fake_socket] } @@ -325,6 +328,12 @@ test "it doesn't send unwanted DMs to list" do {:ok, list} = List.create("Test", user_a) {:ok, list} = List.follow(list, user_b) + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "@#{user_c.nickname} Test", + "visibility" => "direct" + }) + task = Task.async(fn -> refute_receive {:text, _}, 1_000 @@ -335,12 +344,6 @@ test "it doesn't send unwanted DMs to list" do user: user_a } - {:ok, activity} = - CommonAPI.post(user_b, %{ - "status" => "@#{user_c.nickname} Test", - "visibility" => "direct" - }) - topics = %{ "list:#{list.id}" => [fake_socket] } @@ -357,6 +360,12 @@ test "it doesn't send unwanted private posts to list" do {:ok, list} = List.create("Test", user_a) {:ok, list} = List.follow(list, user_b) + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "Test", + "visibility" => "private" + }) + task = Task.async(fn -> refute_receive {:text, _}, 1_000 @@ -367,12 +376,6 @@ test "it doesn't send unwanted private posts to list" do user: user_a } - {:ok, activity} = - CommonAPI.post(user_b, %{ - "status" => "Test", - "visibility" => "private" - }) - topics = %{ "list:#{list.id}" => [fake_socket] } @@ -391,6 +394,12 @@ test "it sends wanted private posts to list" do {:ok, list} = List.create("Test", user_a) {:ok, list} = List.follow(list, user_b) + {:ok, activity} = + CommonAPI.post(user_b, %{ + "status" => "Test", + "visibility" => "private" + }) + task = Task.async(fn -> assert_receive {:text, _}, 1_000 @@ -401,12 +410,6 @@ test "it sends wanted private posts to list" do user: user_a } - {:ok, activity} = - CommonAPI.post(user_b, %{ - "status" => "Test", - "visibility" => "private" - }) - Streamer.add_socket( "list:#{list.id}", fake_socket @@ -423,6 +426,9 @@ test "it doesn't send muted reblogs" do user3 = insert(:user) CommonAPI.hide_reblogs(user1, user2) + {:ok, create_activity} = CommonAPI.post(user3, %{"status" => "I'm kawen"}) + {:ok, announce_activity, _} = CommonAPI.repeat(create_activity.id, user2) + task = Task.async(fn -> refute_receive {:text, _}, 1_000 @@ -433,9 +439,6 @@ test "it doesn't send muted reblogs" do user: user1 } - {:ok, create_activity} = CommonAPI.post(user3, %{"status" => "I'm kawen"}) - {:ok, announce_activity, _} = CommonAPI.repeat(create_activity.id, user2) - topics = %{ "public" => [fake_socket] } @@ -445,6 +448,34 @@ test "it doesn't send muted reblogs" do Task.await(task) end + test "it does send non-reblog notification for reblog-muted actors" do + user1 = insert(:user) + user2 = insert(:user) + user3 = insert(:user) + CommonAPI.hide_reblogs(user1, user2) + + {:ok, create_activity} = CommonAPI.post(user3, %{"status" => "I'm kawen"}) + {:ok, favorite_activity, _} = CommonAPI.favorite(create_activity.id, user2) + + task = + Task.async(fn -> + assert_receive {:text, _}, 1_000 + end) + + fake_socket = %StreamerSocket{ + transport_pid: task.pid, + user: user1 + } + + topics = %{ + "public" => [fake_socket] + } + + Worker.push_to_socket(topics, "public", favorite_activity) + + Task.await(task) + end + test "it doesn't send posts from muted threads" do user = insert(:user) user2 = insert(:user) From 31dc669de6ae73dba395abf4380c427fdb10f7d8 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 2 Feb 2020 14:55:06 +0300 Subject: [PATCH 5/9] fix not being able to pin polls --- lib/pleroma/web/common_api/common_api.ex | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 184ec6021..01ed7b16f 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -328,15 +328,10 @@ def update(user) do def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do with %Activity{ actor: ^user_ap_id, - data: %{ - "type" => "Create" - }, - object: %Object{ - data: %{ - "type" => "Note" - } - } + data: %{"type" => "Create"}, + object: %Object{data: %{"type" => object_type}} } = activity <- get_by_id_or_ap_id(id_or_ap_id), + true <- object_type in ["Note", "Article", "Question"], true <- Visibility.is_public?(activity), %{valid?: true} = info_changeset <- User.Info.add_pinnned_activity(user.info, activity), changeset <- From be3cdde9db1375103a1ea318d702181d81142fb8 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 9 Feb 2020 01:06:58 +0300 Subject: [PATCH 6/9] deps: update plug to 1.9 Includes functionality needed to fix upload limit not being changed at runtime: https://github.com/elixir-plug/plug/commit/087cd64d864696c74bf07f935e2ae31caec19a1e --- mix.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mix.lock b/mix.lock index d11a659dd..4246101ac 100644 --- a/mix.lock +++ b/mix.lock @@ -69,7 +69,7 @@ "phoenix_pubsub": {:hex, :phoenix_pubsub, "1.1.2", "496c303bdf1b2e98a9d26e89af5bba3ab487ba3a3735f74bf1f4064d2a845a3e", [:mix], [], "hexpm"}, "phoenix_swoosh": {:hex, :phoenix_swoosh, "0.2.0", "a7e0b32077cd6d2323ae15198839b05d9caddfa20663fd85787479e81f89520e", [:mix], [{:phoenix, "~> 1.0", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.2", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:swoosh, "~> 0.1", [hex: :swoosh, repo: "hexpm", optional: false]}], "hexpm"}, "pleroma_job_queue": {:hex, :pleroma_job_queue, "0.3.0", "b84538d621f0c3d6fcc1cff9d5648d3faaf873b8b21b94e6503428a07a48ec47", [:mix], [{:crontab, "~> 1.1", [hex: :crontab, repo: "hexpm", optional: false]}], "hexpm"}, - "plug": {:hex, :plug, "1.8.2", "0bcce1daa420f189a6491f3940cc77ea7fb1919761175c9c3b59800d897440fc", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.0", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm"}, + "plug": {:hex, :plug, "1.9.0", "8d7c4e26962283ff9f8f3347bd73838e2413fbc38b7bb5467d5924f68f3a5a4a", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.0", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm"}, "plug_cowboy": {:hex, :plug_cowboy, "2.1.0", "b75768153c3a8a9e8039d4b25bb9b14efbc58e9c4a6e6a270abff1cd30cbe320", [:mix], [{:cowboy, "~> 2.5", [hex: :cowboy, repo: "hexpm", optional: false]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, "plug_crypto": {:hex, :plug_crypto, "1.0.0", "18e49317d3fa343f24620ed22795ec29d4a5e602d52d1513ccea0b07d8ea7d4d", [:mix], [], "hexpm"}, "plug_static_index_html": {:hex, :plug_static_index_html, "1.0.0", "840123d4d3975585133485ea86af73cb2600afd7f2a976f9f5fd8b3808e636a0", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, @@ -88,7 +88,7 @@ "sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm"}, "swoosh": {:hex, :swoosh, "0.23.2", "7dda95ff0bf54a2298328d6899c74dae1223777b43563ccebebb4b5d2b61df38", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1 or ~> 2.4", [hex: :cowboy, repo: "hexpm", optional: true]}, {:gen_smtp, "~> 0.13", [hex: :gen_smtp, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mail, "~> 0.2", [hex: :mail, repo: "hexpm", optional: true]}, {:mime, "~> 1.1", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_cowboy, ">= 1.0.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}], "hexpm"}, "syslog": {:git, "https://github.com/Vagabond/erlang-syslog.git", "4a6c6f2c996483e86c1320e9553f91d337bcb6aa", [tag: "1.0.5"]}, - "telemetry": {:hex, :telemetry, "0.4.0", "8339bee3fa8b91cb84d14c2935f8ecf399ccd87301ad6da6b71c09553834b2ab", [:rebar3], [], "hexpm"}, + "telemetry": {:hex, :telemetry, "0.4.1", "ae2718484892448a24470e6aa341bc847c3277bfb8d4e9289f7474d752c09c7f", [:rebar3], [], "hexpm"}, "tesla": {:hex, :tesla, "1.3.0", "f35d72f029e608f9cdc6f6d6fcc7c66cf6d6512a70cfef9206b21b8bd0203a30", [:mix], [{:castore, "~> 0.1", [hex: :castore, repo: "hexpm", optional: true]}, {:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:gun, "~> 1.3", [hex: :gun, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "~> 4.4.0", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 0.4", [hex: :mint, repo: "hexpm", optional: true]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.3", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm"}, "timex": {:hex, :timex, "3.6.1", "efdf56d0e67a6b956cc57774353b0329c8ab7726766a11547e529357ffdc1d56", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5 or ~> 1.0.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"}, "trailing_format_plug": {:hex, :trailing_format_plug, "0.0.7", "64b877f912cf7273bed03379936df39894149e35137ac9509117e59866e10e45", [:mix], [{:plug, "> 0.12.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, From 1e3dda9b1dc25152483e6185ce7a3365f9810209 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 7 Feb 2020 19:21:55 +0300 Subject: [PATCH 7/9] Actually fix upload limit on OTP releases Closes #1109 --- lib/pleroma/plugs/parsers_plug.ex | 21 --------------------- lib/pleroma/web/endpoint.ex | 12 +++++++++++- 2 files changed, 11 insertions(+), 22 deletions(-) delete mode 100644 lib/pleroma/plugs/parsers_plug.ex diff --git a/lib/pleroma/plugs/parsers_plug.ex b/lib/pleroma/plugs/parsers_plug.ex deleted file mode 100644 index 2e493ce0e..000000000 --- a/lib/pleroma/plugs/parsers_plug.ex +++ /dev/null @@ -1,21 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2019 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Plugs.Parsers do - @moduledoc "Initializes Plug.Parsers with upload limit set at boot time" - - @behaviour Plug - - def init(_opts) do - Plug.Parsers.init( - parsers: [:urlencoded, :multipart, :json], - pass: ["*/*"], - json_decoder: Jason, - length: Pleroma.Config.get([:instance, :upload_limit]), - body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []} - ) - end - - defdelegate call(conn, opts), to: Plug.Parsers -end diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index f0abc8eb8..51c8401ae 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -61,7 +61,17 @@ defmodule Pleroma.Web.Endpoint do plug(Plug.RequestId) plug(Plug.Logger) - plug(Pleroma.Plugs.Parsers) + plug(Plug.Parsers, + parsers: [ + :urlencoded, + {:multipart, length: {Pleroma.Config, :get, [[:instance, :upload_limit]]}}, + :json + ], + pass: ["*/*"], + json_decoder: Jason, + length: Pleroma.Config.get([:instance, :upload_limit]), + body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []} + ) plug(Plug.MethodOverride) plug(Plug.Head) From 01396a11f27c85ec01a1e0418fc0de629383c796 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 9 Feb 2020 01:22:56 +0300 Subject: [PATCH 8/9] changelog: add entry for 1.1.9 --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8cd0c4fad..9858c734b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [1.1.9] - 2020-02-10 +### Fixed +- OTP: Inability to set the upload limit (again) +- Not being able to pin polls +- Streaming API: incorrect handling of reblog mutes +- Rejecting the user when field length limit is exceeded +- OpenGraph provider: html entities in descriptions + ## [1.1.8] - 2020-01-10 ### Fixed - Captcha generation issues From 06fec99e1d8d4be6cb71551089f2d95e936d6990 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sun, 9 Feb 2020 12:19:47 +0300 Subject: [PATCH 9/9] mix.exs: bump version to 1.1.9 --- mix.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.exs b/mix.exs index 6438740c5..ee8074f43 100644 --- a/mix.exs +++ b/mix.exs @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do def project do [ app: :pleroma, - version: version("1.1.8"), + version: version("1.1.9"), elixir: "~> 1.7", elixirc_paths: elixirc_paths(Mix.env()), compilers: [:phoenix, :gettext] ++ Mix.compilers(),