Merge commit '63ba69810eca80fc2d10114a79f2988c1b75892f' into glitch-s…

…oc/merge-upstream Conflicts: - `.env.production.sample`: Upstream and glitch-soc had different comments, some comments got updated upstream. Updated them in glitch-soc accordingly.
ClearlyClaire · Jul 6, 2024 · 11dd51e · 11dd51e
2 parents 05cfe04 + 63ba698
commit 11dd51e
Show file tree

Hide file tree

Showing 17 changed files with 154 additions and 60 deletions.
diff --git a/.env.production.sample b/.env.production.sample
@@ -1,5 +1,5 @@
 # This is a sample configuration file. You can generate your configuration
-# with the `rake mastodon:setup` interactive setup wizard, but to customize
+# with the `bundle exec rails mastodon:setup` interactive setup wizard, but to customize
 # your setup even further, you'll need to edit it manually. This sample does
 # not demonstrate all available configuration options. Please look at
 # https://docs.joinmastodon.org/admin/config/ for the full documentation.
@@ -68,15 +68,15 @@ DB_PORT=5432
 
 # Secrets
 # -------
-# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web bundle exec rake secret` if you use docker compose)
+# Generate each with the `RAILS_ENV=production bundle exec rails secret` task (`docker-compose run --rm web bundle exec rails secret` if you use docker compose)
 # -------
 SECRET_KEY_BASE=
 OTP_SECRET=
 
 
 # Web Push
 # --------
-# Generate with `rake mastodon:webpush:generate_vapid_key` (first is the private key, second is the public one)
+# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key` (first is the private key, second is the public one)
 # You should only generate this once per instance. If you later decide to change it, all push subscription will
 # be invalidated, requiring the users to access the website again to resubscribe.
 # --------

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -793,10 +793,10 @@ GEM
       redis (>= 4.5.0, < 5)
     sidekiq-bulk (0.2.0)
       sidekiq
-    sidekiq-scheduler (5.0.3)
+    sidekiq-scheduler (5.0.5)
       rufus-scheduler (~> 3.2)
       sidekiq (>= 6, < 8)
-      tilt (>= 1.4.0)
+      tilt (>= 1.4.0, < 3)
     sidekiq-unique-jobs (7.1.33)
       brpoplpush-redis_script (> 0.1.1, <= 2.0.0)
       concurrent-ruby (~> 1.0, >= 1.0.5)

diff --git a/app/javascript/mastodon/features/status/components/card.jsx b/app/javascript/mastodon/features/status/components/card.jsx
@@ -141,7 +141,7 @@ export default class Card extends PureComponent {
     const showAuthor  = !!card.getIn(['authors', 0, 'accountId']);
 
     const description = (
-      <div className='status-card__content'>
+      <div className='status-card__content' dir='auto'>
         <span className='status-card__host'>
           <span lang={language}>{provider}</span>
           {card.get('published_at') && <> · <RelativeTimestamp timestamp={card.get('published_at')} /></>}

diff --git a/app/javascript/mastodon/locales/ja.json b/app/javascript/mastodon/locales/ja.json
@@ -411,6 +411,7 @@
   "limited_account_hint.action": "構わず表示する",
   "limited_account_hint.title": "このプロフィールは{domain}のモデレーターによって非表示にされています。",
   "link_preview.author": "{name}",
+  "link_preview.more_from_author": "{name}さんの投稿をもっと読む",
   "lists.account.add": "リストに追加",
   "lists.account.remove": "リストから外す",
   "lists.delete": "リストを削除",
@@ -693,6 +694,7 @@
   "server_banner.administered_by": "管理者",
   "server_banner.server_stats": "サーバーの情報",
   "sign_in_banner.create_account": "アカウント作成",
+  "sign_in_banner.follow_anyone": "連合内の誰でもフォローして投稿を時系列で見ることができます。アルゴリズム、広告、クリックベイトはありません。",
   "sign_in_banner.sign_in": "ログイン",
   "sign_in_banner.sso_redirect": "ログインまたは登録",
   "status.admin_account": "@{name}さんのモデレーション画面を開く",

diff --git a/app/javascript/mastodon/locales/uk.json b/app/javascript/mastodon/locales/uk.json
@@ -32,7 +32,7 @@
   "account.featured_tags.last_status_never": "Немає дописів",
   "account.featured_tags.title": "{name} виділяє хештеґи",
   "account.follow": "Підписатися",
-  "account.follow_back": "Підписатися взаємно",
+  "account.follow_back": "Стежити також",
   "account.followers": "Підписники",
   "account.followers.empty": "Ніхто ще не підписаний на цього користувача.",
   "account.followers_counter": "{count, plural, one {{counter} підписник} few {{counter} підписники} many {{counter} підписників} other {{counter} підписники}}",

diff --git a/app/javascript/styles/mastodon/components.scss b/app/javascript/styles/mastodon/components.scss
@@ -10453,7 +10453,7 @@ noscript {
       gap: 4px;
 
       dt {
-        flex: 0 0 auto;
+        flex: 0 1 auto;
         color: $dark-text-color;
         min-width: 0;
         overflow: hidden;

diff --git a/app/lib/link_details_extractor.rb b/app/lib/link_details_extractor.rb
@@ -156,11 +156,11 @@ def height
   end
 
   def title
-    html_entities.decode(structured_data&.headline || opengraph_tag('og:title') || document.xpath('//title').map(&:content).first).strip
+    html_entities_decode(structured_data&.headline || opengraph_tag('og:title') || document.xpath('//title').map(&:content).first)&.strip
   end
 
   def description
-    html_entities.decode(structured_data&.description || opengraph_tag('og:description') || meta_tag('description'))
+    html_entities_decode(structured_data&.description || opengraph_tag('og:description') || meta_tag('description'))
   end
 
   def published_at
@@ -180,15 +180,15 @@ def canonical_url
   end
 
   def provider_name
-    html_entities.decode(structured_data&.publisher_name || opengraph_tag('og:site_name'))
+    html_entities_decode(structured_data&.publisher_name || opengraph_tag('og:site_name'))
   end
 
   def provider_url
     valid_url_or_nil(host_to_url(opengraph_tag('og:site')))
   end
 
   def author_name
-    html_entities.decode(structured_data&.author_name || opengraph_tag('og:author') || opengraph_tag('og:author:username'))
+    html_entities_decode(structured_data&.author_name || opengraph_tag('og:author') || opengraph_tag('og:author:username'))
   end
 
   def author_url
@@ -257,7 +257,7 @@ def structured_data
 
       next if json_ld.blank?
 
-      structured_data = StructuredData.new(html_entities.decode(json_ld))
+      structured_data = StructuredData.new(html_entities_decode(json_ld))
 
       next unless structured_data.valid?
 
@@ -273,10 +273,11 @@ def document
   end
 
   def detect_encoding_and_parse_document
-    [detect_encoding, nil, @html_charset, 'UTF-8'].uniq.each do |encoding|
+    [detect_encoding, nil, @html_charset].uniq.each do |encoding|
       document = Nokogiri::HTML(@html, nil, encoding)
       return document if document.to_s.valid_encoding?
     end
+    Nokogiri::HTML(@html, nil, 'UTF-8')
   end
 
   def detect_encoding
@@ -290,6 +291,15 @@ def detector
     end
   end
 
+  def html_entities_decode(string)
+    return if string.nil?
+
+    unicode_string = string.encode('UTF-8')
+    raise EncodingError, 'cannot convert string to valid UTF-8' unless unicode_string.valid_encoding?
+
+    html_entities.decode(unicode_string)
+  end
+
   def html_entities
     @html_entities ||= HTMLEntities.new(:expanded)
   end

diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb
@@ -32,7 +32,7 @@ def call(status)
     end
 
     attach_card if @card&.persisted?
-  rescue HTTP::Error, OpenSSL::SSL::SSLError, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError, Encoding::UndefinedConversionError => e
+  rescue HTTP::Error, OpenSSL::SSL::SSLError, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError, EncodingError => e
     Rails.logger.debug { "Error fetching link #{@original_url}: #{e}" }
     nil
   end

diff --git a/config/initializers/vapid.rb b/config/initializers/vapid.rb
@@ -5,7 +5,7 @@
   # You should only generate this once per instance. If you later decide to change it, all push subscription will
   # be invalidated, requiring the users to access the website again to resubscribe.
   #
-  # Generate with `rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
+  # Generate with `bundle exec rails mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web bundle exec rails mastodon:webpush:generate_vapid_key` if you use docker compose)
   #
   # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
 

diff --git a/config/locales/gl.yml b/config/locales/gl.yml
@@ -31,18 +31,18 @@ gl:
       created_msg: Nota de moderación creada correctamente!
       destroyed_msg: Nota de moderación eliminada de xeito correcto!
     accounts:
-      add_email_domain_block: Bloquear o dominio do email
+      add_email_domain_block: Bloquear o dominio do enderezo
       approve: Aprobar
       approved_msg: Aprobada a solicitude de rexistro de %{username}
       are_you_sure: Está segura?
       avatar: Imaxe de perfil
       by_domain: Dominio
       change_email:
-        changed_msg: Email mudado de xeito correcto!
-        current_email: Email actual
-        label: Mudar email
-        new_email: Novo email
-        submit: Mudar email
+        changed_msg: Correo cambiado de xeito correcto!
+        current_email: Enderezo actual
+        label: Cambiar de enderezo
+        new_email: Novo enderezo
+        submit: Cambiar de enderezo
         title: Mudar email de %{username}
       change_role:
         changed_msg: Rol mudado correctamente!
@@ -64,10 +64,10 @@ gl:
       display_name: Nome a amosar
       domain: Dominio
       edit: Editar
-      email: Email
-      email_status: Estado do email
+      email: Enderezo de correo
+      email_status: Estado do correo
       enable: Activar
-      enable_sign_in_token_auth: Activar autenticación cun token no email
+      enable_sign_in_token_auth: Activar autenticación cun token no correo
       enabled: Activado
       enabled_msg: Desbloqueada a conta de %{username}
       followers: Seguidoras
@@ -132,7 +132,7 @@ gl:
       resubscribe: Resubscribir
       role: Rol
       search: Procurar
-      search_same_email_domain: Outras usuarias co mesmo dominio de email
+      search_same_email_domain: Outras usuarias co mesmo dominio de correo
       search_same_ip: Outras usuarias co mesmo IP
       security: Seguridade
       security_measures:
@@ -154,9 +154,9 @@ gl:
       suspension_irreversible: Elimináronse de xeito irreversible os datos desta conta. Podes reactivar a conta para facela usable novamente pero non recuperará os datos eliminados.
       suspension_reversible_hint_html: Esta conta foi suspendida, e os datos serán totalmente eliminados o %{date}. Ata entón, a conta pode ser restaurada sen danos. Se desexas eliminar agora mesmo todos os datos da conta, podes facelo aquí embaixo.
       title: Contas
-      unblock_email: Desbloquear enderezo de email
-      unblocked_email_msg: Enderezo de email de %{username} desbloqueado
-      unconfirmed_email: Email non confirmado
+      unblock_email: Desbloquear enderezo de correo
+      unblocked_email_msg: Enderezo de correo de %{username} desbloqueado
+      unconfirmed_email: Enderezo de correo sen confirmar
       undo_sensitized: Desmarcar como sensible
       undo_silenced: Desfacer acalar
       undo_suspension: Desfacer suspensión
@@ -173,12 +173,12 @@ gl:
         approve_appeal: Aprobar apelación
         approve_user: Aprobar Usuaria
         assigned_to_self_report: Asignar denuncia
-        change_email_user: Editar email da usuaria
+        change_email_user: Editar correo electrónico da usuaria
         change_role_user: Cambiar Rol da Usuaria
         confirm_user: Confirmar usuaria
         create_account_warning: Crear aviso
         create_announcement: Crear anuncio
-        create_canonical_email_block: Crear Bloqueo de email
+        create_canonical_email_block: Crear Bloqueo de correo electrónico
         create_custom_emoji: Crear emoticonas personalizadas
         create_domain_allow: Crear Dominio Permitido
         create_domain_block: Crear bloquedo do Dominio
@@ -188,7 +188,7 @@ gl:
         create_user_role: Crear Rol
         demote_user: Degradar usuaria
         destroy_announcement: Eliminar anuncio
-        destroy_canonical_email_block: Eliminar Bloqueo de email
+        destroy_canonical_email_block: Eliminar Bloqueo de correo electrónico
         destroy_custom_emoji: Eliminar emoticona personalizada
         destroy_domain_allow: Eliminar Dominio permitido
         destroy_domain_block: Eliminar bloqueo do Dominio
@@ -200,7 +200,7 @@ gl:
         destroy_user_role: Eliminar Rol
         disable_2fa_user: Desactivar 2FA
         disable_custom_emoji: Desactivar emoticona personalizada
-        disable_sign_in_token_auth_user: Desactivar Autenticación por token no email para Usuaria
+        disable_sign_in_token_auth_user: Desactivar Autenticación con token no correo para Usuaria
         disable_user: Desactivar usuaria
         enable_custom_emoji: Activar emoticona personalizada
         enable_sign_in_token_auth_user: Activar Autenticación con token no email para Usuaria
@@ -211,14 +211,14 @@ gl:
         reject_user: Rexeitar Usuaria
         remove_avatar_user: Eliminar avatar
         reopen_report: Reabrir denuncia
-        resend_user: Reenviar o email de confirmación
+        resend_user: Reenviar o correo de confirmación
         reset_password_user: Restabelecer contrasinal
         resolve_report: Resolver denuncia
         sensitive_account: Marca o multimedia da túa conta como sensible
         silence_account: Silenciar conta
         suspend_account: Suspender conta
         unassigned_report: Desasignar denuncia
-        unblock_email_account: Desbloquear enderezo de email
+        unblock_email_account: Desbloquear enderezo de correo
         unsensitive_account: Retira a marca de sensible do multimedia da conta
         unsilence_account: Deixar de silenciar conta
         unsuspend_account: Retirar suspensión de conta
@@ -660,7 +660,7 @@ gl:
         delete_data_html: Eliminar o perfil e contidos de <strong>@%{acct}</strong> para os próximos 30 días a non ser que sexa suspendida nese período
         preview_preamble_html: "<strong>@%{acct}</strong> vai recibir un aviso co seguinte contido:"
         record_strike_html: Anotar un aviso contra <strong>@%{acct}</strong> para axudarche a xestionar futuros problemas con esta conta
-        send_email_html: Enviar un email de aviso a <strong>@%{acct}</strong>
+        send_email_html: Enviar un correo de aviso a <strong>@%{acct}</strong>
         warning_placeholder: Razóns adicionais optativas para a acción de moderación.
       target_origin: Orixe da conta denunciada
       title: Denuncias
@@ -1060,7 +1060,7 @@ gl:
       redirect_to_app_html: Ímoste redirixir á app <strong>%{app_name}</strong>. Se iso non acontece, proba %{clicking_this_link} ou volve ti manualmente á app.
       registration_complete: Completouse a creación da conta en %{domain}!
       welcome_title: Benvida, %{name}!
-      wrong_email_hint: Se o enderezo de email non é correcto, podes cambialo nos axustes da conta.
+      wrong_email_hint: Se o enderezo de correo non é correcto, podes cambialo nos axustes da conta.
     delete_account: Eliminar conta
     delete_account_html: Se queres eliminar a túa conta, podes <a href="%{path}">facelo aquí</a>. Deberás confirmar a acción.
     description:

diff --git a/config/locales/simple_form.gl.yml b/config/locales/simple_form.gl.yml
@@ -255,7 +255,7 @@ gl:
         require_invite_text: Pedir unha razón para unirse
         show_domain_blocks: Amosar dominios bloqueados
         show_domain_blocks_rationale: Explicar porque están bloqueados os dominios
-        site_contact_email: Email de contacto
+        site_contact_email: Correo de contacto
         site_contact_username: Nome do contacto
         site_extended_description: Descrición ampla
         site_short_description: Descrición do servidor

diff --git a/config/routes/settings.rb b/config/routes/settings.rb
@@ -37,13 +37,13 @@
     end
   end
 
-  resource :otp_authentication, only: [:show, :create], controller: 'two_factor_authentication/otp_authentication'
+  scope module: :two_factor_authentication do
+    resource :otp_authentication, only: [:show, :create], controller: :otp_authentication
 
-  resources :webauthn_credentials, only: [:index, :new, :create, :destroy],
-                                   path: 'security_keys',
-                                   controller: 'two_factor_authentication/webauthn_credentials' do
-    collection do
-      get :options
+    resources :webauthn_credentials, only: [:index, :new, :create, :destroy], path: 'security_keys' do
+      collection do
+        get :options
+      end
     end
   end
 

diff --git a/spec/fixtures/requests/latin1_posing_as_utf8_broken.txt b/spec/fixtures/requests/latin1_posing_as_utf8_broken.txt
@@ -0,0 +1,17 @@
+HTTP/1.1 200 OK
+server: nginx
+date: Thu, 13 Jun 2024 14:33:13 GMT
+content-type: text/html; charset=utf-8
+content-length: 158
+accept-ranges: bytes
+
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Tofu � l'orange</title>
+</head>
+<body>
+  <h2>Tofu � l'orange</h2>
+</body>
+</html>
diff --git a/spec/fixtures/requests/latin1_posing_as_utf8_recoverable.txt b/spec/fixtures/requests/latin1_posing_as_utf8_recoverable.txt
@@ -0,0 +1,17 @@
+HTTP/1.1 200 OK
+server: nginx
+date: Thu, 13 Jun 2024 14:33:13 GMT
+content-type: text/html; charset=utf-8
+content-length: 158
+accept-ranges: bytes
+
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Tofu with orange sauce</title>
+</head>
+<body>
+  <h2>Tofu � l'orange</h2>
+</body>
+</html>
diff --git a/spec/fixtures/requests/page_without_title.txt b/spec/fixtures/requests/page_without_title.txt
@@ -0,0 +1,17 @@
+HTTP/1.1 200 OK
+server: nginx
+date: Thu, 13 Jun 2024 14:33:13 GMT
+content-type: text/html; charset=utf-8
+content-length: 171
+accept-ranges: bytes
+
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+</head>
+<body>
+  <h2>I am not a valid page</h2>
+  <p>Thankfully, browsers do not care</p>
+</body>
+</html>