Merge commit '5652ca6135' into glitch-soc/merge-upstream

2026-01-11 13:33:21 -08:00 · 2024-06-06 12:27:26 +02:00 · 2024-06-06 12:27:26 +02:00 · 30b00ca2b5
commit 30b00ca2b5
parent 2a34c9a01e 5652ca6135
136 changed files with 3195 additions and 1823 deletions
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@ -74,7 +74,8 @@ Doorkeeper.configure do
  # For more information go to
  # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
  default_scopes  :read
-  optional_scopes :write,
+  optional_scopes :profile,
+                  :write,
                  :'write:accounts',
                  :'write:blocks',
                  :'write:bookmarks',
@ -89,7 +90,6 @@ Doorkeeper.configure do
                  :'write:reports',
                  :'write:statuses',
                  :read,
-                  :'read:me',
                  :'read:accounts',
                  :'read:blocks',
                  :'read:bookmarks',
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@ -6,5 +6,5 @@
 # Use this to limit dissemination of sensitive information.
 # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
 Rails.application.config.filter_parameters += [
-  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+  :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
 ]
--- a/config/initializers/rack_attack_logging.rb
+++ b/config/initializers/rack_attack_logging.rb
@ -3,7 +3,7 @@
 ActiveSupport::Notifications.subscribe(/rack_attack/) do |_name, _start, _finish, _request_id, payload|
  req = payload[:request]

-  next unless [:throttle, :blacklist].include? req.env['rack.attack.match_type']
+  next unless [:throttle, :blocklist].include? req.env['rack.attack.match_type']

  Rails.logger.info("Rate limit hit (#{req.env['rack.attack.match_type']}): #{req.ip} #{req.request_method} #{req.fullpath}")
 end
--- a/config/initializers/vips.rb
+++ b/config/initializers/vips.rb
@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+if Rails.configuration.x.use_vips
+  ENV['VIPS_BLOCK_UNTRUSTED'] = 'true'
+
+  require 'vips'
+
+  abort('Incompatible libvips version, please install libvips >= 8.13') unless Vips.at_least_libvips?(8, 13)
+
+  Vips.block('VipsForeign', true)
+
+  %w(
+    VipsForeignLoadNsgif
+    VipsForeignLoadJpeg
+    VipsForeignLoadPng
+    VipsForeignLoadWebp
+    VipsForeignLoadHeif
+    VipsForeignSavePng
+    VipsForeignSaveSpng
+    VipsForeignSaveJpeg
+    VipsForeignSaveWebp
+  ).each do |operation|
+    Vips.block(operation, false)
+  end
+
+  Vips.block_untrusted(true)
+end