Merge remote-tracking branch 'tootsuite/master' into merge-upstream

Conflicts:
	Gemfile
	config/locales/simple_form.pl.yml
master
David Yip 7 years ago
commit 3d033a4687
No known key found for this signature in database
GPG Key ID: 7DA0036508FCC0CC
  1. 1
      Gemfile
  2. 3
      Gemfile.lock
  3. 18
      app/controllers/media_controller.rb
  4. 2
      app/javascript/mastodon/components/media_gallery.js
  5. 175
      app/javascript/mastodon/features/status/components/card.js
  6. 14
      app/javascript/mastodon/features/video/index.js
  7. 13
      app/javascript/mastodon/locales/pl.json
  8. 4
      app/javascript/styles/mastodon/basics.scss
  9. 63
      app/javascript/styles/mastodon/components.scss
  10. 8
      app/javascript/styles/mastodon/stream_entries.scss
  11. 26
      app/models/media_attachment.rb
  12. 4
      app/services/fetch_link_card_service.rb
  13. 2
      app/views/media/player.html.haml
  14. 5
      app/views/stream_entries/_og_description.html.haml
  15. 27
      app/views/stream_entries/_og_image.html.haml
  16. 2
      boxfile.yml
  17. 86
      config/brakeman.ignore
  18. 2
      config/locales/ca.yml
  19. 2
      config/locales/es.yml
  20. 5
      config/locales/pl.yml
  21. 2
      config/locales/simple_form.pl.yml
  22. 5
      config/routes.rb
  23. 1
      spec/models/media_attachment_spec.rb

@ -21,6 +21,7 @@ gem 'fog-openstack', '~> 0.1', require: false
gem 'paperclip', '~> 5.1'
gem 'paperclip-av-transcoder', '~> 0.6'
gem 'posix-spawn'
gem 'streamio-ffmpeg', '~> 3.0'
gem 'active_model_serializers', '~> 0.10'
gem 'addressable', '~> 2.5'

@ -550,6 +550,8 @@ GEM
net-scp (>= 1.1.2)
net-ssh (>= 2.8.0)
statsd-ruby (1.2.1)
streamio-ffmpeg (3.0.2)
multi_json (~> 1.8)
strong_migrations (0.1.9)
activerecord (>= 3.2.0)
temple (0.8.0)
@ -712,6 +714,7 @@ DEPENDENCIES
simple_form (~> 3.4)
simplecov (~> 0.14)
sprockets-rails (~> 3.2)
streamio-ffmpeg (~> 3.0)
strong_migrations
tty-command
tty-prompt

@ -3,20 +3,26 @@
class MediaController < ApplicationController
include Authorization
before_action :verify_permitted_status
before_action :set_media_attachment
before_action :verify_permitted_status!
def show
redirect_to media_attachment.file.url(:original)
redirect_to @media_attachment.file.url(:original)
end
def player
@body_classes = 'player'
raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
end
private
def media_attachment
MediaAttachment.attached.find_by!(shortcode: params[:id])
def set_media_attachment
@media_attachment = MediaAttachment.attached.find_by!(shortcode: params[:id] || params[:medium_id])
end
def verify_permitted_status
authorize media_attachment.status, :show?
def verify_permitted_status!
authorize @media_attachment.status, :show?
rescue Mastodon::NotPermittedError
# Reraise in order to get a 404 instead of a 403 error code
raise ActiveRecord::RecordNotFound

@ -249,7 +249,7 @@ export default class MediaGallery extends React.PureComponent {
}
children = (
<button className='media-spoiler' onClick={this.handleOpen} style={style} ref={this.handleRef}>
<button type='button' className='media-spoiler' onClick={this.handleOpen} style={style} ref={this.handleRef}>
<span className='media-spoiler__warning'>{warning}</span>
<span className='media-spoiler__trigger'><FormattedMessage id='status.sensitive_toggle' defaultMessage='Click to view' /></span>
</button>

@ -20,6 +20,39 @@ const getHostname = url => {
return parser.hostname;
};
const trim = (text, len) => {
const cut = text.indexOf(' ', len);
if (cut === -1) {
return text;
}
return text.substring(0, cut) + (text.length > len ? '…' : '');
};
const domParser = new DOMParser();
const addAutoPlay = html => {
const document = domParser.parseFromString(html, 'text/html').documentElement;
const iframe = document.querySelector('iframe');
if (iframe) {
if (iframe.src.indexOf('?') !== -1) {
iframe.src += '&';
} else {
iframe.src += '?';
}
iframe.src += 'autoplay=1&auto_play=1';
// DOM parser creates html/body elements around original HTML fragment,
// so we need to get innerHTML out of the body and not the entire document
return document.querySelector('body').innerHTML;
}
return html;
};
export default class Card extends React.PureComponent {
static propTypes = {
@ -33,9 +66,16 @@ export default class Card extends React.PureComponent {
};
state = {
width: 0,
width: 280,
embedded: false,
};
componentWillReceiveProps (nextProps) {
if (this.props.card !== nextProps.card) {
this.setState({ embedded: false });
}
}
handlePhotoClick = () => {
const { card, onOpenMedia } = this.props;
@ -57,56 +97,14 @@ export default class Card extends React.PureComponent {
);
};
renderLink () {
const { card, maxDescription } = this.props;
const { width } = this.state;
const horizontal = card.get('width') > card.get('height') && (card.get('width') + 100 >= width);
let image = '';
let provider = card.get('provider_name');
if (card.get('image')) {
image = (
<div className='status-card__image'>
<img src={card.get('image')} alt={card.get('title')} className='status-card__image-image' width={card.get('width')} height={card.get('height')} />
</div>
);
}
if (provider.length < 1) {
provider = decodeIDNA(getHostname(card.get('url')));
}
const className = classnames('status-card', { horizontal });
return (
<a href={card.get('url')} className={className} target='_blank' rel='noopener' ref={this.setRef}>
{image}
<div className='status-card__content'>
<strong className='status-card__title' title={card.get('title')}>{card.get('title')}</strong>
{!horizontal && <p className='status-card__description'>{(card.get('description') || '').substring(0, maxDescription)}</p>}
<span className='status-card__host'>{provider}</span>
</div>
</a>
);
}
renderPhoto () {
handleEmbedClick = () => {
const { card } = this.props;
return (
<img
className='status-card-photo'
onClick={this.handlePhotoClick}
role='button'
tabIndex='0'
src={card.get('embed_url')}
alt={card.get('title')}
width={card.get('width')}
height={card.get('height')}
/>
);
if (card.get('type') === 'photo') {
this.handlePhotoClick();
} else {
this.setState({ embedded: true });
}
}
setRef = c => {
@ -117,7 +115,7 @@ export default class Card extends React.PureComponent {
renderVideo () {
const { card } = this.props;
const content = { __html: card.get('html') };
const content = { __html: addAutoPlay(card.get('html')) };
const { width } = this.state;
const ratio = card.get('width') / card.get('height');
const height = card.get('width') > card.get('height') ? (width / ratio) : (width * ratio);
@ -125,7 +123,7 @@ export default class Card extends React.PureComponent {
return (
<div
ref={this.setRef}
className='status-card-video'
className='status-card__image status-card-video'
dangerouslySetInnerHTML={content}
style={{ height }}
/>
@ -133,23 +131,76 @@ export default class Card extends React.PureComponent {
}
render () {
const { card } = this.props;
const { card, maxDescription } = this.props;
const { width, embedded } = this.state;
if (card === null) {
return null;
}
switch(card.get('type')) {
case 'link':
return this.renderLink();
case 'photo':
return this.renderPhoto();
case 'video':
return this.renderVideo();
case 'rich':
default:
return null;
const provider = card.get('provider_name').length === 0 ? decodeIDNA(getHostname(card.get('url'))) : card.get('provider_name');
const horizontal = card.get('width') > card.get('height') && (card.get('width') + 100 >= width) || card.get('type') !== 'link';
const className = classnames('status-card', { horizontal });
const interactive = card.get('type') !== 'link';
const title = interactive ? <a className='status-card__title' href={card.get('url')} title={card.get('title')} rel='noopener' target='_blank'><strong>{card.get('title')}</strong></a> : <strong className='status-card__title' title={card.get('title')}>{card.get('title')}</strong>;
const ratio = card.get('width') / card.get('height');
const height = card.get('width') > card.get('height') ? (width / ratio) : (width * ratio);
const description = (
<div className='status-card__content'>
{title}
{!horizontal && <p className='status-card__description'>{trim(card.get('description') || '', maxDescription)}</p>}
<span className='status-card__host'>{provider}</span>
</div>
);
let embed = '';
let thumbnail = <div style={{ backgroundImage: `url(${card.get('image')})`, width: horizontal ? width : null, height: horizontal ? height : null }} className='status-card__image-image' />;
if (interactive) {
if (embedded) {
embed = this.renderVideo();
} else {
let iconVariant = 'play';
if (card.get('type') === 'photo') {
iconVariant = 'search-plus';
}
embed = (
<div className='status-card__image'>
{thumbnail}
<div className='status-card__actions'>
<div>
<button onClick={this.handleEmbedClick}><i className={`fa fa-${iconVariant}`} /></button>
<a href={card.get('url')} target='_blank' rel='noopener'><i className='fa fa-external-link' /></a>
</div>
</div>
</div>
);
}
return (
<div className={className} ref={this.setRef}>
{embed}
{description}
</div>
);
} else if (card.get('image')) {
embed = (
<div className='status-card__image'>
{thumbnail}
</div>
);
}
return (
<a href={card.get('url')} className={className} target='_blank' rel='noopener' ref={this.setRef}>
{embed}
{description}
</a>
);
}
}

@ -271,7 +271,7 @@ export default class Video extends React.PureComponent {
onProgress={this.handleProgress}
/>
<button className={classNames('video-player__spoiler', { active: !revealed })} onClick={this.toggleReveal}>
<button type='button' className={classNames('video-player__spoiler', { active: !revealed })} onClick={this.toggleReveal}>
<span className='video-player__spoiler__title'><FormattedMessage id='status.sensitive_warning' defaultMessage='Sensitive content' /></span>
<span className='video-player__spoiler__subtitle'><FormattedMessage id='status.sensitive_toggle' defaultMessage='Click to view' /></span>
</button>
@ -290,10 +290,10 @@ export default class Video extends React.PureComponent {
<div className='video-player__buttons-bar'>
<div className='video-player__buttons left'>
<button aria-label={intl.formatMessage(paused ? messages.play : messages.pause)} onClick={this.togglePlay}><i className={classNames('fa fa-fw', { 'fa-play': paused, 'fa-pause': !paused })} /></button>
<button aria-label={intl.formatMessage(muted ? messages.unmute : messages.mute)} onClick={this.toggleMute}><i className={classNames('fa fa-fw', { 'fa-volume-off': muted, 'fa-volume-up': !muted })} /></button>
<button type='button' aria-label={intl.formatMessage(paused ? messages.play : messages.pause)} onClick={this.togglePlay}><i className={classNames('fa fa-fw', { 'fa-play': paused, 'fa-pause': !paused })} /></button>
<button type='button' aria-label={intl.formatMessage(muted ? messages.unmute : messages.mute)} onClick={this.toggleMute}><i className={classNames('fa fa-fw', { 'fa-volume-off': muted, 'fa-volume-up': !muted })} /></button>
{!onCloseVideo && <button aria-label={intl.formatMessage(messages.hide)} onClick={this.toggleReveal}><i className='fa fa-fw fa-eye' /></button>}
{!onCloseVideo && <button type='button' aria-label={intl.formatMessage(messages.hide)} onClick={this.toggleReveal}><i className='fa fa-fw fa-eye' /></button>}
{(detailed || fullscreen) &&
<span>
@ -305,9 +305,9 @@ export default class Video extends React.PureComponent {
</div>
<div className='video-player__buttons right'>
{(!fullscreen && onOpenVideo) && <button aria-label={intl.formatMessage(messages.expand)} onClick={this.handleOpenVideo}><i className='fa fa-fw fa-expand' /></button>}
{onCloseVideo && <button aria-label={intl.formatMessage(messages.close)} onClick={this.handleCloseVideo}><i className='fa fa-fw fa-compress' /></button>}
<button aria-label={intl.formatMessage(fullscreen ? messages.exit_fullscreen : messages.fullscreen)} onClick={this.toggleFullscreen}><i className={classNames('fa fa-fw', { 'fa-arrows-alt': !fullscreen, 'fa-compress': fullscreen })} /></button>
{(!fullscreen && onOpenVideo) && <button type='button' aria-label={intl.formatMessage(messages.expand)} onClick={this.handleOpenVideo}><i className='fa fa-fw fa-expand' /></button>}
{onCloseVideo && <button type='button' aria-label={intl.formatMessage(messages.close)} onClick={this.handleCloseVideo}><i className='fa fa-fw fa-compress' /></button>}
<button type='button' aria-label={intl.formatMessage(fullscreen ? messages.exit_fullscreen : messages.fullscreen)} onClick={this.toggleFullscreen}><i className={classNames('fa fa-fw', { 'fa-arrows-alt': !fullscreen, 'fa-compress': fullscreen })} /></button>
</div>
</div>
</div>

@ -8,7 +8,7 @@
"account.follows": "Śledzeni",
"account.follows_you": "Śledzi Cię",
"account.hide_reblogs": "Ukryj podbicia od @{name}",
"account.media": "Media",
"account.media": "Zawartość multimedialna",
"account.mention": "Wspomnij o @{name}",
"account.moved_to": "{name} przeniósł się do:",
"account.mute": "Wycisz @{name}",
@ -134,7 +134,7 @@
"lightbox.next": "Następne",
"lightbox.previous": "Poprzednie",
"lists.account.add": "Dodaj do listy",
"lists.account.remove": "Remove from list",
"lists.account.remove": "Usuń z listy",
"lists.delete": "Usuń listę",
"lists.edit": "Edytuj listę",
"lists.new.create": "Utwórz listę",
@ -144,7 +144,7 @@
"loading_indicator.label": "Ładowanie…",
"media_gallery.toggle_visible": "Przełącz widoczność",
"missing_indicator.label": "Nie znaleziono",
"missing_indicator.sublabel": "This resource could not be found",
"missing_indicator.sublabel": "Nie można odnaleźć tego zasobu",
"mute_modal.hide_notifications": "Chcesz ukryć powiadomienia od tego użytkownika?",
"navigation_bar.blocks": "Zablokowani użytkownicy",
"navigation_bar.community_timeline": "Lokalna oś czasu",
@ -206,8 +206,8 @@
"privacy.public.short": "Publiczny",
"privacy.unlisted.long": "Niewidoczny na publicznych osiach czasu",
"privacy.unlisted.short": "Niewidoczny",
"regeneration_indicator.label": "Loading…",
"regeneration_indicator.sublabel": "Your home feed is being prepared!",
"regeneration_indicator.label": "Ładowanie…",
"regeneration_indicator.sublabel": "Twoja oś czasu jest przygotowywana!",
"relative_time.days": "{number} dni",
"relative_time.hours": "{number} godz.",
"relative_time.just_now": "teraz",
@ -223,6 +223,9 @@
"search_popout.tips.status": "wpis",
"search_popout.tips.text": "Proste wyszukiwanie pasujących pseudonimów, nazw użytkowników i hashtagów",
"search_popout.tips.user": "użytkownik",
"search_results.accounts": "Ludzie",
"search_results.hashtags": "Hashtagi",
"search_results.statuses": "Wpisy",
"search_results.total": "{count, number} {count, plural, one {wynik} few {wyniki} many {wyników} more {wyników}}",
"standalone.public_title": "Spojrzenie w głąb…",
"status.block": "Zablokuj @{name}",

@ -47,6 +47,10 @@ body {
padding-bottom: 0;
}
&.player {
text-align: center;
}
&.embed {
background: transparent;
margin: 0;

@ -2208,7 +2208,6 @@
.status-card {
display: flex;
cursor: pointer;
font-size: 14px;
border: 1px solid lighten($ui-base-color, 8%);
border-radius: 4px;
@ -2217,20 +2216,58 @@
text-decoration: none;
overflow: hidden;
&:hover {
background: lighten($ui-base-color, 8%);
&__actions {
bottom: 0;
left: 0;
position: absolute;
right: 0;
top: 0;
display: flex;
justify-content: center;
align-items: center;
& > div {
background: rgba($base-shadow-color, 0.6);
border-radius: 4px;
padding: 12px 9px;
flex: 0 0 auto;
display: flex;
justify-content: center;
align-items: center;
}
button,
a {
display: inline;
color: $primary-text-color;
background: transparent;
border: 0;
padding: 0 5px;
text-decoration: none;
opacity: 0.6;
font-size: 18px;
line-height: 18px;
&:hover,
&:active,
&:focus {
opacity: 1;
}
}
a {
font-size: 19px;
position: relative;
bottom: -1px;
}
}
}
.status-card-video,
.status-card-rich,
.status-card-photo {
margin-top: 14px;
overflow: hidden;
a.status-card {
cursor: pointer;
iframe {
width: 100%;
height: auto;
&:hover {
background: lighten($ui-base-color, 8%);
}
}
@ -2258,6 +2295,7 @@
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
text-decoration: none;
}
.status-card__content {
@ -2279,6 +2317,7 @@
.status-card__image {
flex: 0 0 100px;
background: lighten($ui-base-color, 8%);
position: relative;
}
.status-card.horizontal {
@ -2304,6 +2343,8 @@
width: 100%;
height: 100%;
object-fit: cover;
background-size: cover;
background-position: center center;
}
.load-more {

@ -65,6 +65,10 @@
}
}
.media-gallery__gifv__label {
bottom: 9px;
}
.status.light {
padding: 14px 14px 14px (48px + 14px * 2);
position: relative;
@ -258,12 +262,12 @@
.media-spoiler {
background: $ui-primary-color;
color: $white;
transition: all 100ms linear;
transition: all 40ms linear;
&:hover,
&:active,
&:focus {
background: darken($ui-primary-color, 5%);
background: darken($ui-primary-color, 2%);
color: unset;
}
}

@ -181,21 +181,37 @@ class MediaAttachment < ApplicationRecord
meta = {}
file.queued_for_write.each do |style, file|
begin
meta[style] = style == :small || image? ? image_geometry(file) : video_metadata(file)
end
meta
end
def image_geometry(file)
geo = Paperclip::Geometry.from_file file
meta[style] = {
{
width: geo.width.to_i,
height: geo.height.to_i,
size: "#{geo.width.to_i}x#{geo.height.to_i}",
aspect: geo.width.to_f / geo.height.to_f,
}
rescue Paperclip::Errors::NotIdentifiedByImageMagickError
meta[style] = {}
end
{}
end
meta
def video_metadata(file)
movie = FFMPEG::Movie.new(file.path)
return {} unless movie.valid?
{
width: movie.width,
height: movie.height,
frame_rate: movie.frame_rate,
duration: movie.duration,
bitrate: movie.bitrate,
}
end
def appropriate_extension

@ -94,6 +94,7 @@ class FetchLinkCardService < BaseService
@card.image_remote_url = embed.thumbnail_url if embed.respond_to?(:thumbnail_url)
when 'photo'
return false unless embed.respond_to?(:url)
@card.embed_url = embed.url
@card.image_remote_url = embed.url
@card.width = embed.width.presence || 0
@ -102,6 +103,7 @@ class FetchLinkCardService < BaseService
@card.width = embed.width.presence || 0
@card.height = embed.height.presence || 0
@card.html = Formatter.instance.sanitize(embed.html, Sanitize::Config::MASTODON_OEMBED)
@card.image_remote_url = embed.thumbnail_url if embed.respond_to?(:thumbnail_url)
when 'rich'
# Most providers rely on <script> tags, which is a no-no
return false
@ -131,11 +133,11 @@ class FetchLinkCardService < BaseService
frameborder: '0')
else
@card.type = :link
@card.image_remote_url = meta_property(page, 'og:image') if meta_property(page, 'og:image')
end
@card.title = meta_property(page, 'og:title').presence || page.at_xpath('//title')&.content || ''
@card.description = meta_property(page, 'og:description').presence || meta_property(page, 'description') || ''
@card.image_remote_url = meta_property(page, 'og:image') if meta_property(page, 'og:image')
return if @card.title.blank? && @card.html.blank?

@ -0,0 +1,2 @@
%video{ poster: @media_attachment.file.url(:small), preload: 'auto', autoplay: 'autoplay', muted: 'muted', loop: 'loop', controls: 'controls', style: "width: #{@media_attachment.file.meta.dig('original', 'width')}px; height: #{@media_attachment.file.meta.dig('original', 'height')}px" }
%source{ src: @media_attachment.file.url(:original), type: @media_attachment.file_content_type }

@ -1,4 +1 @@
- if activity.is_a?(Status) && activity.spoiler_text?
= opengraph 'og:description', activity.spoiler_text
- else
= opengraph 'og:description', activity.content
= opengraph 'og:description', [activity.spoiler_text, activity.text].reject(&:blank?).join("\n\n")

@ -1,22 +1,33 @@
- if activity.is_a?(Status) && activity.non_sensitive_with_media?
- if activity.is_a?(Status) && activity.media_attachments.any?
- player_card = false
- activity.media_attachments.each do |media|
- if media.image?
= opengraph 'og:image', full_asset_url(media.file.url(:original))
= opengraph 'og:image:type', media.file_content_type
- unless media.file.meta.nil?
= opengraph 'og:image:width', media.file.meta['original']['width']
= opengraph 'og:image:height', media.file.meta['original']['height']
- elsif media.video?
= opengraph 'og:image:width', media.file.meta.dig('original', 'width')
= opengraph 'og:image:height', media.file.meta.dig('original', 'height')
- elsif media.video? || media.gifv?
- player_card = true
= opengraph 'og:image', full_asset_url(media.file.url(:small))
= opengraph 'og:image:type', 'image/png'
- unless media.file.meta.nil?
= opengraph 'og:image:width', media.file.meta['small']['width']
= opengraph 'og:image:height', media.file.meta['small']['height']
= opengraph 'og:image:width', media.file.meta.dig('small', 'width')
= opengraph 'og:image:height', media.file.meta.dig('small', 'height')
= opengraph 'og:video', full_asset_url(media.file.url(:original))
= opengraph 'og:video:secure_url', full_asset_url(media.file.url(:original))
= opengraph 'og:video:type', media.file_content_type
= opengraph 'twitter:player', medium_player_url(media)
= opengraph 'twitter:player:stream', full_asset_url(media.file.url(:original))
= opengraph 'twitter:player:stream:content_type', media.file_content_type
- unless media.file.meta.nil?
= opengraph 'og:video:width', media.file.meta['small']['width']
= opengraph 'og:video:height', media.file.meta['small']['height']
= opengraph 'og:video:width', media.file.meta.dig('original', 'width')
= opengraph 'og:video:height', media.file.meta.dig('original', 'height')
= opengraph 'twitter:player:width', media.file.meta.dig('original', 'width')
= opengraph 'twitter:player:height', media.file.meta.dig('original', 'height')
- if player_card
= opengraph 'twitter:card', 'player'
- else
= opengraph 'twitter:card', 'summary_large_image'
- else
= opengraph 'og:image', full_asset_url(account.avatar.url(:original))

@ -234,7 +234,7 @@ data.storage:
- id: backup
schedule: '0 3 * * *'
command: |
tar cz -C /data/var/db/unfs/ |
tar cz -C /data/var/db/unfs/ . |
curl -k -H "X-AUTH-TOKEN: ${WAREHOUSE_DATA_HOARDER_TOKEN}" https://${WAREHOUSE_DATA_HOARDER_HOST}:7410/blobs/backup-${HOSTNAME}-$(date -u +%Y-%m-%d.%H-%M-%S).tgz --data-binary @- &&
curl -k -s -H "X-AUTH-TOKEN: ${WAREHOUSE_DATA_HOARDER_TOKEN}" https://${WAREHOUSE_DATA_HOARDER_HOST}:7410/blobs/ |
json_pp |

@ -7,7 +7,7 @@
"check_name": "LinkToHref",
"message": "Potentially unsafe model attribute in link_to href",
"file": "app/views/admin/accounts/show.html.haml",
"line": 143,
"line": 147,
"link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
"code": "link_to(Account.find(params[:id]).inbox_url, Account.find(params[:id]).inbox_url)",
"render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -26,7 +26,7 @@
"check_name": "LinkToHref",
"message": "Potentially unsafe model attribute in link_to href",
"file": "app/views/admin/accounts/show.html.haml",
"line": 149,
"line": 153,
"link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
"code": "link_to(Account.find(params[:id]).shared_inbox_url, Account.find(params[:id]).shared_inbox_url)",
"render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -45,7 +45,7 @@
"check_name": "LinkToHref",
"message": "Potentially unsafe model attribute in link_to href",
"file": "app/views/admin/accounts/show.html.haml",
"line": 54,
"line": 57,
"link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
"code": "link_to(Account.find(params[:id]).url, Account.find(params[:id]).url)",
"render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -67,7 +67,7 @@
"line": 3,
"link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
"code": "render(action => \"stream_entries/#{Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase}\", { Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase.to_sym => Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity, :centered => true })",
"render_path": [{"type":"controller","class":"StatusesController","method":"embed","line":41,"file":"app/controllers/statuses_controller.rb"}],
"render_path": [{"type":"controller","class":"StatusesController","method":"embed","line":45,"file":"app/controllers/statuses_controller.rb"}],
"location": {
"type": "template",
"template": "stream_entries/embed"
@ -102,7 +102,7 @@
"check_name": "LinkToHref",
"message": "Potentially unsafe model attribute in link_to href",
"file": "app/views/admin/accounts/show.html.haml",
"line": 152,
"line": 156,
"link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
"code": "link_to(Account.find(params[:id]).followers_url, Account.find(params[:id]).followers_url)",
"render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -121,7 +121,7 @@
"check_name": "LinkToHref",
"message": "Potentially unsafe model attribute in link_to href",
"file": "app/views/admin/accounts/show.html.haml",
"line": 127,
"line": 130,
"link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
"code": "link_to(Account.find(params[:id]).salmon_url, Account.find(params[:id]).salmon_url)",
"render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -140,10 +140,10 @@
"check_name": "Render",
"message": "Render path contains parameter value",
"file": "app/views/admin/custom_emojis/index.html.haml",
"line": 31,
"line": 45,
"link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
"code": "render(action => filtered_custom_emojis.eager_load(:local_counterpart).page(params[:page]), {})",
"render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":10,"file":"app/controllers/admin/custom_emojis_controller.rb"}],
"render_path": [{"type":"controller","class":"Admin::CustomEmojisController","method":"index","line":11,"file":"app/controllers/admin/custom_emojis_controller.rb"}],
"location": {
"type": "template",
"template": "admin/custom_emojis/index"
@ -179,7 +179,7 @@
"check_name": "Render",
"message": "Render path contains parameter value",
"file": "app/views/admin/accounts/index.html.haml",
"line": 64,
"line": 67,
"link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
"code": "render(action => filtered_accounts.page(params[:page]), {})",
"render_path": [{"type":"controller","class":"Admin::AccountsController","method":"index","line":12,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -191,6 +191,45 @@
"confidence": "Weak",
"note": ""
},
{
"warning_type": "Cross-Site Request Forgery",
"warning_code": 7,
"fingerprint": "ab491f72606337a348482d006eb67a3b1616685fd48644d5ac909bbcd62a5000",
"check_name": "ForgerySetting",
"message": "'protect_from_forgery' should be called in WellKnown::HostMetaController",
"file": "app/controllers/well_known/host_meta_controller.rb",
"line": 4,
"link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
"code": null,
"render_path": null,
"location": {
"type": "controller",
"controller": "WellKnown::HostMetaController"
},
"user_input": null,
"confidence": "High",
"note": ""
},
{
"warning_type": "Redirect",
"warning_code": 18,
"fingerprint": "ba699ddcc6552c422c4ecd50d2cd217f616a2446659e185a50b05a0f2dad8d33",
"check_name": "Redirect",
"message": "Possible unprotected redirect",
"file": "app/controllers/media_controller.rb",
"line": 10,
"link": "http://brakemanscanner.org/docs/warning_types/redirect/",
"code": "redirect_to(MediaAttachment.attached.find_by!(:shortcode => ((params[:id] or params[:medium_id]))).file.url(:original))",
"render_path": null,
"location": {
"type": "method",
"class": "MediaController",
"method": "show"
},
"user_input": "MediaAttachment.attached.find_by!(:shortcode => ((params[:id] or params[:medium_id]))).file.url(:original)",
"confidence": "High",
"note": ""
},
{
"warning_type": "Cross-Site Scripting",
"warning_code": 4,
@ -198,7 +237,7 @@
"check_name": "LinkToHref",
"message": "Potentially unsafe model attribute in link_to href",
"file": "app/views/admin/accounts/show.html.haml",
"line": 116,
"line": 119,
"link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
"code": "link_to(Account.find(params[:id]).remote_url, Account.find(params[:id]).remote_url)",
"render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -249,6 +288,25 @@
"confidence": "Weak",
"note": ""
},
{
"warning_type": "Cross-Site Request Forgery",
"warning_code": 7,
"fingerprint": "d4278f04e807ec58a23925f8ab31fad5e84692f2fb9f2f57e7931aff05d57cf8",
"check_name": "ForgerySetting",
"message": "'protect_from_forgery' should be called in WellKnown::WebfingerController",
"file": "app/controllers/well_known/webfinger_controller.rb",
"line": 4,
"link": "http://brakemanscanner.org/docs/warning_types/cross-site_request_forgery/",
"code": null,
"render_path": null,
"location": {
"type": "controller",
"controller": "WellKnown::WebfingerController"
},
"user_input": null,
"confidence": "High",
"note": ""
},
{
"warning_type": "Cross-Site Scripting",
"warning_code": 4,
@ -256,7 +314,7 @@
"check_name": "LinkToHref",
"message": "Potentially unsafe model attribute in link_to href",
"file": "app/views/admin/accounts/show.html.haml",
"line": 146,
"line": 150,
"link": "http://brakemanscanner.org/docs/warning_types/link_to_href",
"code": "link_to(Account.find(params[:id]).outbox_url, Account.find(params[:id]).outbox_url)",
"render_path": [{"type":"controller","class":"Admin::AccountsController","method":"show","line":18,"file":"app/controllers/admin/accounts_controller.rb"}],
@ -275,10 +333,10 @@
"check_name": "Render",
"message": "Render path contains parameter value",
"file": "app/views/stream_entries/show.html.haml",
"line": 21,
"line": 24,
"link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
"code": "render(partial => \"stream_entries/#{Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase}\", { :locals => ({ Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity_type.downcase.to_sym => Account.find_local!(params[:account_username]).statuses.find(params[:id]).stream_entry.activity, :include_threads => true }) })",
"render_path": [{"type":"controller","class":"StatusesController","method":"show","line":20,"file":"app/controllers/statuses_controller.rb"}],
"render_path": [{"type":"controller","class":"StatusesController","method":"show","line":22,"file":"app/controllers/statuses_controller.rb"}],
"location": {
"type": "template",
"template": "stream_entries/show"
@ -288,6 +346,6 @@
"note": ""
}
],
"updated": "2017-11-19 20:34:18 +0100",
"updated": "2018-02-16 06:42:53 +0100",
"brakeman_version": "4.0.1"
}

@ -551,7 +551,7 @@ ca:
reblog:
title: "%{name} t'ha retootejat"
remote_follow:
acct: Escriu l'usuari@domini de la persona que vols seguir
acct: Escriu el teu usuari@domini des del qual vols seguir
missing_resource: No s'ha pogut trobar la URL de redirecció necessaria per al compte
proceed: Comença a seguir
prompt: 'Seguiràs a:'

@ -551,7 +551,7 @@ es:
reblog:
title: "%{name} boosteó tu estado"
remote_follow:
acct: Ingesa el usuario@dominio de la persona que quieres seguir
acct: Ingesa tu usuario@dominio desde el que quieres seguir
missing_resource: No se pudo encontrar la URL de redirección requerida para tu cuenta
proceed: Proceder a seguir
prompt: 'Vas a seguir a:'

@ -359,6 +359,7 @@ pl:
auth:
agreement_html: Rejestrując się, oświadczasz, że zapoznałeś się z <a href="%{rules_path}">informacjami o instancji</a> i <a href="%{terms_path}">zasadami korzystania z usługi</a>.
change_password: Bezpieczeństwo
confirm_email: Potwierdź adres e-mail
delete_account: Usunięcie konta
delete_account_html: Jeżeli chcesz usunąć konto, <a href="%{path}">przejdź tutaj</a>. Otrzymasz prośbę o potwierdzenie.
didnt_get_confirmation: Nie otrzymałeś instrukcji weryfikacji?
@ -368,6 +369,10 @@ pl:
logout: Wyloguj się
migrate_account: Przenieś konto
migrate_account_html: Jeżeli chcesz skonfigurować przekierowanie z obecnego konta na inne, możesz <a href="%{path}">skonfigurować to tutaj</a>.
or_log_in_with: Lub zaloguj się używając
providers:
cas: CAS
saml: SAML
register: Rejestracja
resend_confirmation: Ponownie prześlij instrukcje weryfikacji
reset_password: Zresetuj hasło

@ -49,6 +49,7 @@ pl:
setting_default_privacy: Widoczność wpisów
setting_default_sensitive: Zawsze oznaczaj zawartość multimedialną jako wrażliwą
setting_delete_modal: Pytaj o potwierdzenie przed usunięciem wpisu
setting_display_sensitive_media: Zawsze oznaczaj zawartość multimedialną jako wrażliwą
setting_favourite_modal: Pytaj o potwierdzenie przed dodaniem do ulubionych
setting_noindex: Nie indeksuj mojego profilu w wyszukiwarkach internetowych
setting_reduce_motion: Ogranicz ruch w animacjach
@ -58,6 +59,7 @@ pl:
severity: Priorytet
type: Typ importu
username: Nazwa użytkownika
username_or_email: Nazwa użytkownika lub adres e-mail
interactions:
must_be_follower: Nie wyświetlaj powiadomień od osób, które Cię nie śledzą
must_be_following: Nie wyświetlaj powiadomień od osób, których nie śledzisz

@ -112,7 +112,10 @@ Rails.application.routes.draw do
resources :sessions, only: [:destroy]
end
resources :media, only: [:show]
resources :media, only: [:show] do
get :player
end
resources :tags, only: [:show]
resources :emojis, only: [:show]
resources :invites, only: [:index, :create, :destroy]

@ -92,7 +92,6 @@ RSpec.describe MediaAttachment, type: :model do
it 'sets meta' do
expect(media.file.meta["original"]["width"]).to eq 128
expect(media.file.meta["original"]["height"]).to eq 128
expect(media.file.meta["original"]["aspect"]).to eq 1.0
end
end

Loading…
Cancel
Save