From 7b63c5469ef0106aebe4151640832378e6d31067 Mon Sep 17 00:00:00 2001 From: ThibG Date: Fri, 28 Feb 2020 13:49:45 +0100 Subject: [PATCH 1/4] Fix announcements with fully-qualified mention to local user crashing WebUI (#13164) --- app/models/account.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/app/models/account.rb b/app/models/account.rb index 0eb719d65..778429b0d 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -478,7 +478,16 @@ class Account < ApplicationRecord def from_text(text) return [] if text.blank? - text.scan(MENTION_RE).map { |match| match.first.split('@', 2) }.uniq.map { |(username, domain)| EntityCache.instance.mention(username, domain) } + text.scan(MENTION_RE).map { |match| match.first.split('@', 2) }.uniq.map do |(username, domain)| + domain = begin + if TagManager.instance.local_domain?(domain) + nil + else + TagManager.instance.normalize_domain(domain) + end + end + EntityCache.instance.mention(username, domain) + end.compact end private From 047fde18c3d20dcd74b14613a648a03b573f802d Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Sat, 29 Feb 2020 02:57:14 +0100 Subject: [PATCH 2/4] [Security] Bump puma from 4.3.1 to 4.3.2 (#13167) Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2. **This update includes a security fix.** - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2) Signed-off-by: dependabot-preview[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 788785ef1..7289e1445 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -435,7 +435,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.3) - puma (4.3.1) + puma (4.3.2) nio4r (~> 2.0) pundit (2.1.0) activesupport (>= 3.0.0) From ce17cea2210f9ce9dcbaf68074c07633df61bb6f Mon Sep 17 00:00:00 2001 From: ThibG Date: Sat, 29 Feb 2020 03:00:43 +0100 Subject: [PATCH 3/4] Fix installation failing when Redis password contains special characters (#13156) * Add support for special characters in Redis passwords Fixes #13154 * Refactor --- lib/mastodon/redis_config.rb | 4 +++- lib/tasks/mastodon.rake | 15 ++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/mastodon/redis_config.rb b/lib/mastodon/redis_config.rb index f11d94a45..e9db9122f 100644 --- a/lib/mastodon/redis_config.rb +++ b/lib/mastodon/redis_config.rb @@ -14,7 +14,9 @@ def setup_redis_env_url(prefix = nil, defaults = true) ENV[prefix + 'REDIS_URL'] = if [password, host, port, db].all?(&:nil?) ENV['REDIS_URL'] else - "redis://#{password.blank? ? '' : ":#{password}@"}#{host}:#{port}/#{db}" + Addressable::URI.parse("redis://#{host}:#{port}/#{db}").tap do |uri| + uri.password = password if password.present? + end.normalize.to_str end end diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake index 2e92e8ded..a873335d4 100644 --- a/lib/tasks/mastodon.rake +++ b/lib/tasks/mastodon.rake @@ -336,7 +336,20 @@ namespace :mastodon do if prompt.yes?('Save configuration?') cmd = TTY::Command.new(printer: :quiet) - File.write(Rails.root.join('.env.production'), "# Generated with mastodon:setup on #{Time.now.utc}\n\n" + env.each_pair.map { |key, value| "#{key}=#{value}" }.join("\n") + "\n") + env_contents = env.each_pair.map do |key, value| + if value.is_a?(String) && value =~ /[\s\#\\"]/ + if value =~ /[']/ + value = value.to_s.gsub(/[\\"\$]/) { |x| "\\#{x}" } + "#{key}=\"#{value}\"" + else + "#{key}='#{value}'" + end + else + "#{key}=#{value}" + end + end.join("\n") + + File.write(Rails.root.join('.env.production'), "# Generated with mastodon:setup on #{Time.now.utc}\n\n" + env_contents + "\n") if using_docker prompt.ok 'Below is your configuration, save it to an .env.production file outside Docker:' From 5393b187c4601966f9be23490dfb1e54f3f3e725 Mon Sep 17 00:00:00 2001 From: ThibG Date: Sat, 29 Feb 2020 03:05:02 +0100 Subject: [PATCH 4/4] Fix elasticsearch-api and faraday incompatibilities (#13166) --- Gemfile.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7289e1445..59ab2ba7c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -202,14 +202,14 @@ GEM dotenv (= 2.7.5) railties (>= 3.2, < 6.1) e2mmap (0.1.0) - elasticsearch (7.3.0) - elasticsearch-api (= 7.3.0) - elasticsearch-transport (= 7.3.0) - elasticsearch-api (7.3.0) + elasticsearch (7.5.0) + elasticsearch-api (= 7.5.0) + elasticsearch-transport (= 7.5.0) + elasticsearch-api (7.5.0) multi_json elasticsearch-dsl (0.1.8) - elasticsearch-transport (7.3.0) - faraday + elasticsearch-transport (7.5.0) + faraday (>= 0.14, < 1) multi_json encryptor (3.0.0) equatable (0.6.1) @@ -220,7 +220,7 @@ GEM fabrication (2.21.0) faker (2.10.1) i18n (>= 1.6, < 2) - faraday (1.0.0) + faraday (0.17.3) multipart-post (>= 1.2, < 3) fast_blank (1.0.0) fastimage (2.1.7)