* Enable updating additional account information from user preferences via rest api
Resolves#6553
* Pacify rubocop
* Decoerce incoming settings in UserSettingsDecorator
* Create user preferences hash directly from incoming credentials instead of going through ActionController::Parameters
* Clean up user preferences update
* Use ActiveModel::Type::Boolean instead of manually checking stringified number equivalence
* Fix follow/unfollow buttons on public profile
- Present non-logged users with web+mastodon:// URLs for remote accounts
- Present logged-in users with appropriate links (authorize_follows and
remote_unfollows) for remote accounts
* Do not cache rendered cards if user is logged in
* i18n: update gender-neutral language for pt and pt-BR
Instead of using "bem-vindo(a)" (a masculine form of "Welcome"
with a "(a)" in the end to mean "bem-vinda" for the feminine form),
use "boas-vindas", which is a gender-neutral form of "Welcome").
There is already precedent for using "boas-vindas" in the
Brazilian Portuguese localization, in `config/locales/pt-BR.yml`.
European Portuguese dictionary Priberam also registers it as a valid form:
https://www.priberam.pt/dlpo/boas-vindas
* i18n: pt-BR minor orthography fix
The form "a bordo" does not take an accent.
http://oredator.com.br/curso-de-redacao/uncategorized/a-bordo-ou-a-bordo
* Adjust privacy policy to be more specific to Mastodon
Fix#6613
* Change data retention of IP addresses from 5 years to 1 year
* Add even more information
* Remove all (now invalid) translations of the privacy policy
* Add information about archive takeout, remove pointless consent section
* Emphasis on DM privacy
* Improve wording
* Add line about data use for moderation purposes
Unfortunately the new hammer.js functionality wasn't correctly tested and didn't work across devices and browsers, as such, it's best to revert PR #6944 until we can revisit this functionality and make it work across all devices and browsers that are supported by Mastodon.
This reverts commit 5021c4e9ca.
Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
* Implement Assignment of Reports (#6967)
* Change translation of admin.report.comment.label to "Report Comment" for clarity
As we'll soon add the ability for reports to have comments on them, this clarification makes sense.
* Implement notes for Reports
This enables moderators to leave comments about a report whilst they work on it
* Fix display of report moderation notes
* Allow reports to be reopened / marked as unresolved
* Redirect to reports listing upon resolution of report
* Implement "resolve with note" functionality
* Add inverse relationship for report notes
* Remove additional database querying when loading report notes
* Fix tests for reports
* Fix localisations for report notes / reports
* Add eslint-plugin-promise to detect uncaught rejections
* Move alert generation for errors to actions/alert
* Add missing rejection handling for Promises
* Use catch() instead of onReject on then()
Then it will catches rejection from onFulfilled. This detection can be
disabled by `allowThen` option, though.
* Clear compose textarea when starting a new direct message
Previous behaviour resulted in potentially misdirected direct messages.
* Hide search when starting to compose a direct message
https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
> This release includes some bug fixes and some security fixes.
>
> - CVE-2017-17742: HTTP response splitting in WEBrick
> - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
> - CVE-2018-8777: DoS by large request in WEBrick
> - CVE-2018-8778: Buffer under-read in String#unpack
> - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
> - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
> - Multiple vulnerabilities in RubyGems
Admins can still disable the feature by adding `ES_ENABLED=false` to their environment, if they prefer not to use it. Be sure to set the variable before you deploy!
`navigator.share()` rejects Promise if user cancelled sharing, and it may
print it as an error on JavaScript console.
This patch ignores it and prints other errors on the console.
* Keep list of blocked domains
Might be overkill, but I'm trying to follow the same logic as for blocked users
* Add basic domain block UI
* Add the domain blocks UI to Getting Started
* Fix undefined URL in `fetchDomainBlocks`
* Update all known users' domain_blocking relationship instead of just one's
* Implement ability to send direct messages from the user menu
* Implement message warning users that direct messages are visible to all mentioned users
* Update locales
add <div.zoomable-image__margin/> to keep margin of the image on zooming
move setting `scrollLeft` and `scrollTop` of container from callback of
`setState` to `componentDidUpdate`
add 'hammerjs' package for touch gesture detection
rewrite `ZoomableImage` using 'hammerjs'
`Response.prototype.clone()` must be called before the response used.
This fixes an error from ServiceWorker and failing to load image when the
image is not cached.
This patch adds null item (i.e. gap) handling on below functions to avoid TypeError.
* `filterNotifications` called on user mute/block
* `deleteByStatus` called on status deletion