mastodon/app/models
Claire 0a120d86d2
Fix error-prone SQL queries (#15828)
* Fix error-prone SQL queries in Account search

While this code seems to not present an actual vulnerability, one could
easily be introduced by mistake due to how the query is built.

This PR parameterises the `to_tsquery` input to make the query more robust.

* Harden code for Status#tagged_with_all and Status#tagged_with_none

Those two scopes aren't used in a way that could be vulnerable to an SQL
injection, but keeping them unchanged might be a hazard.

* Remove unneeded spaces surrounding tsquery term

* Please CodeClimate

* Move advanced_search_for SQL template to its own function

This avoids one level of indentation while making clearer that the SQL template
isn't built from all the dynamic parameters of advanced_search_for.

* Add tests covering tagged_with, tagged_with_all and tagged_with_none

* Rewrite tagged_with_none to avoid multiple joins and make it more robust

* Remove obsolete brakeman warnings

* Revert "Remove unneeded spaces surrounding tsquery term"

The two queries are not strictly equivalent.

This reverts commit 86f16c537e.
4 years ago
account_suggestions Change auto-following admin-selected accounts, show in recommendations (#16078) 4 years ago
admin Add notifications for statuses deleted by moderators (#17204) 4 years ago
concerns Add notifications for statuses deleted by moderators (#17204) 4 years ago
form Add notifications for statuses deleted by moderators (#17204) 4 years ago
trends Change trending hashtags threshold back from 15 to 5 (#17122) 4 years ago
web
account.rb Fix error-prone SQL queries (#15828) 4 years ago
account_alias.rb
account_conversation.rb
account_deletion_request.rb
account_domain_block.rb
account_filter.rb Remove IP tracking columns from users table (#16409) 4 years ago
account_migration.rb
account_moderation_note.rb
account_note.rb Fix AccountNote not having a maximum length (#16942) 4 years ago
account_pin.rb
account_stat.rb Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) (#16915) 4 years ago
account_statuses_cleanup_policy.rb Add trending links (#16917) 4 years ago
account_suggestions.rb Change auto-following admin-selected accounts, show in recommendations (#16078) 4 years ago
account_summary.rb Fix FollowRecommendationsScheduler failing because of unpopulated views (#16189) 4 years ago
account_warning.rb Add notifications for statuses deleted by moderators (#17204) 4 years ago
account_warning_preset.rb
admin.rb
announcement.rb
announcement_filter.rb
announcement_mute.rb
announcement_reaction.rb
application_record.rb
backup.rb
block.rb
bookmark.rb Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) (#16915) 4 years ago
canonical_email_block.rb Add ability for admins to delete canonical email blocks (#16644) 4 years ago
context.rb
conversation.rb
conversation_mute.rb
custom_emoji.rb Switch from unmaintained paperclip to kt-paperclip (#16724) 4 years ago
custom_emoji_category.rb
custom_emoji_filter.rb
custom_filter.rb
device.rb
domain_allow.rb
domain_block.rb
email_domain_block.rb
encrypted_message.rb
export.rb
favourite.rb Bump chewy from 5.2.0 to 7.2.3 (supports Elasticsearch 7.x) (#16915) 4 years ago
featured_tag.rb
feed.rb
follow.rb
follow_recommendation.rb Fix FollowRecommendationsScheduler failing because of unpopulated views (#16189) 4 years ago
follow_recommendation_filter.rb
follow_recommendation_suppression.rb
follow_request.rb Fix edge case where accepted follow cannot be processed because of follow limit (#16098) 4 years ago
home_feed.rb
identity.rb
import.rb
instance.rb Add management of delivery availability in Federation settings (#15771) 4 years ago
instance_filter.rb Add management of delivery availability in Federation settings (#15771) 4 years ago
invite.rb
invite_filter.rb
ip_block.rb
list.rb
list_account.rb
list_feed.rb
login_activity.rb Add authentication history (#16408) 4 years ago
marker.rb
media_attachment.rb Fix error when rendering public pages with media attachments (#16763) 4 years ago
mention.rb
message_franking.rb
mute.rb
notification.rb
one_time_key.rb
poll.rb Add support for editing for published statuses (#16697) 4 years ago
poll_vote.rb
preview_card.rb Fix error on trending hashtags/links pages in admin UI due to missing constant (#17044) 4 years ago
preview_card_filter.rb Add trending links (#16917) 4 years ago
preview_card_provider.rb Add trending links (#16917) 4 years ago
preview_card_provider_filter.rb Add trending links (#16917) 4 years ago
public_feed.rb
relationship_filter.rb
relay.rb
remote_follow.rb
report.rb Add notifications for statuses deleted by moderators (#17204) 4 years ago
report_filter.rb Add notifications for statuses deleted by moderators (#17204) 4 years ago
report_note.rb
rule.rb
scheduled_status.rb
search.rb
session_activation.rb Add Ruby 3.0 support (#16046) 4 years ago
setting.rb
site_upload.rb
status.rb Fix error-prone SQL queries (#15828) 4 years ago
status_edit.rb Add support for editing for published statuses (#16697) 4 years ago
status_pin.rb Add feature to automatically delete old toots (#16529) 4 years ago
status_stat.rb
system_key.rb
tag.rb Fix error on trending hashtags/links pages in admin UI due to missing constant (#17044) 4 years ago
tag_feed.rb
tag_filter.rb Add trending links (#16917) 4 years ago
tombstone.rb
trends.rb Add trending links (#16917) 4 years ago
unavailable_domain.rb
user.rb Remove leftover database columns from Devise::Models::Rememberable (#17191) 4 years ago
user_invite_request.rb
user_ip.rb Remove IP tracking columns from users table (#16409) 4 years ago
web.rb
webauthn_credential.rb