diff --git a/.env.production.sample b/.env.production.sample
index a64959c775..1fe5c70afe 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -175,9 +175,6 @@ STREAMING_CLUSTER_NUM=1
# MAX_IMAGE_SIZE=8388608
# MAX_VIDEO_SIZE=41943040
-# Maximum length of audio uploads in seconds
-# MAX_AUDIO_LENGTH=60
-
# LDAP authentication (optional)
# LDAP_ENABLED=true
# LDAP_HOST=localhost
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c89f35cdf0..539fec5317 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,45 @@ Changelog
All notable changes to this project will be documented in this file.
+## [2.9.2] - 2019-06-22
+### Added
+
+- Add `short_description` and `approval_required` to `GET /api/v1/instance` ([Gargron](https://github.com/tootsuite/mastodon/pull/11146))
+
+### Changed
+
+- Change camera icon to paperclip icon in upload form ([koyuawsmbrtn](https://github.com/tootsuite/mastodon/pull/11149))
+
+### Fixed
+
+- Fix audio-only OGG and WebM files not being processed as such ([Gargron](https://github.com/tootsuite/mastodon/pull/11151))
+- Fix audio not being downloaded from remote servers ([Gargron](https://github.com/tootsuite/mastodon/pull/11145))
+
+## [2.9.1] - 2019-06-22
+### Added
+
+- Add moderation API ([Gargron](https://github.com/tootsuite/mastodon/pull/9387))
+- Add audio uploads ([Gargron](https://github.com/tootsuite/mastodon/pull/11123), [Gargron](https://github.com/tootsuite/mastodon/pull/11141))
+
+### Changed
+
+- Change domain blocks to automatically support subdomains ([Gargron](https://github.com/tootsuite/mastodon/pull/11138))
+- Change Nanobox configuration to bring it up to date ([danhunsaker](https://github.com/tootsuite/mastodon/pull/11083))
+
+### Removed
+
+- Remove expensive counters from federation page in admin UI ([Gargron](https://github.com/tootsuite/mastodon/pull/11139))
+
+### Fixed
+
+- Fix converted media being saved with original extension and mime type ([Gargron](https://github.com/tootsuite/mastodon/pull/11130))
+- Fix layout of identity proofs settings ([acid-chicken](https://github.com/tootsuite/mastodon/pull/11126))
+- Fix active scope only returning suspended users ([ThibG](https://github.com/tootsuite/mastodon/pull/11111))
+- Fix sanitizer making block level elements unreadable ([Gargron](https://github.com/tootsuite/mastodon/pull/10836))
+- Fix label for site theme not being translated in admin UI ([palindromordnilap](https://github.com/tootsuite/mastodon/pull/11121))
+- Fix statuses not being filtered irreversibly in web UI under some circumstances ([ThibG](https://github.com/tootsuite/mastodon/pull/11113))
+- Fix scrolling behaviour in compose form ([ThibG](https://github.com/tootsuite/mastodon/pull/11093))
+
## [2.9.0] - 2019-06-13
### Added
diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb
index b0d45ce47a..0c7760d779 100644
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@@ -127,6 +127,7 @@ module Admin
:by_domain,
:active,
:pending,
+ :disabled,
:silenced,
:suspended,
:username,
diff --git a/app/controllers/admin/domain_blocks_controller.rb b/app/controllers/admin/domain_blocks_controller.rb
index 71597763bf..377cac8adc 100644
--- a/app/controllers/admin/domain_blocks_controller.rb
+++ b/app/controllers/admin/domain_blocks_controller.rb
@@ -13,7 +13,7 @@ module Admin
authorize :domain_block, :create?
@domain_block = DomainBlock.new(resource_params)
- existing_domain_block = resource_params[:domain].present? ? DomainBlock.find_by(domain: resource_params[:domain]) : nil
+ existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
@domain_block.save
diff --git a/app/controllers/admin/instances_controller.rb b/app/controllers/admin/instances_controller.rb
index 6dd659a304..7888e844fb 100644
--- a/app/controllers/admin/instances_controller.rb
+++ b/app/controllers/admin/instances_controller.rb
@@ -18,7 +18,7 @@ module Admin
@blocks_count = Block.where(target_account: Account.where(domain: params[:id])).count
@available = DeliveryFailureTracker.available?(Account.select(:shared_inbox_url).where(domain: params[:id]).first&.shared_inbox_url)
@media_storage = MediaAttachment.where(account: Account.where(domain: params[:id])).sum(:file_file_size)
- @domain_block = DomainBlock.find_by(domain: params[:id])
+ @domain_block = DomainBlock.rule_for(params[:id])
end
private
diff --git a/app/controllers/api/v1/admin/account_actions_controller.rb b/app/controllers/api/v1/admin/account_actions_controller.rb
new file mode 100644
index 0000000000..29c9b7107b
--- /dev/null
+++ b/app/controllers/api/v1/admin/account_actions_controller.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class Api::V1::Admin::AccountActionsController < Api::BaseController
+ before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }
+ before_action :require_staff!
+ before_action :set_account
+
+ def create
+ account_action = Admin::AccountAction.new(resource_params)
+ account_action.target_account = @account
+ account_action.current_account = current_account
+ account_action.save!
+
+ render_empty
+ end
+
+ private
+
+ def set_account
+ @account = Account.find(params[:account_id])
+ end
+
+ def resource_params
+ params.permit(
+ :type,
+ :report_id,
+ :warning_preset_id,
+ :text,
+ :send_email_notification
+ )
+ end
+end
diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb
new file mode 100644
index 0000000000..c306180ca2
--- /dev/null
+++ b/app/controllers/api/v1/admin/accounts_controller.rb
@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+class Api::V1::Admin::AccountsController < Api::BaseController
+ include Authorization
+ include AccountableConcern
+
+ LIMIT = 100
+
+ before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:accounts' }, only: [:index, :show]
+ before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:accounts' }, except: [:index, :show]
+ before_action :require_staff!
+ before_action :set_accounts, only: :index
+ before_action :set_account, except: :index
+ before_action :require_local_account!, only: [:enable, :approve, :reject]
+
+ after_action :insert_pagination_headers, only: :index
+
+ FILTER_PARAMS = %i(
+ local
+ remote
+ by_domain
+ active
+ pending
+ disabled
+ silenced
+ suspended
+ username
+ display_name
+ email
+ ip
+ staff
+ ).freeze
+
+ PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze
+
+ def index
+ authorize :account, :index?
+ render json: @accounts, each_serializer: REST::Admin::AccountSerializer
+ end
+
+ def show
+ authorize @account, :show?
+ render json: @account, serializer: REST::Admin::AccountSerializer
+ end
+
+ def enable
+ authorize @account.user, :enable?
+ @account.user.enable!
+ log_action :enable, @account.user
+ render json: @account, serializer: REST::Admin::AccountSerializer
+ end
+
+ def approve
+ authorize @account.user, :approve?
+ @account.user.approve!
+ render json: @account, serializer: REST::Admin::AccountSerializer
+ end
+
+ def reject
+ authorize @account.user, :reject?
+ SuspendAccountService.new.call(@account, including_user: true, destroy: true, skip_distribution: true)
+ render json: @account, serializer: REST::Admin::AccountSerializer
+ end
+
+ def unsilence
+ authorize @account, :unsilence?
+ @account.unsilence!
+ log_action :unsilence, @account
+ render json: @account, serializer: REST::Admin::AccountSerializer
+ end
+
+ def unsuspend
+ authorize @account, :unsuspend?
+ @account.unsuspend!
+ log_action :unsuspend, @account
+ render json: @account, serializer: REST::Admin::AccountSerializer
+ end
+
+ private
+
+ def set_accounts
+ @accounts = filtered_accounts.order(id: :desc).includes(user: [:invite_request, :invite]).paginate_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
+ end
+
+ def set_account
+ @account = Account.find(params[:id])
+ end
+
+ def filtered_accounts
+ AccountFilter.new(filter_params).results
+ end
+
+ def filter_params
+ params.permit(*FILTER_PARAMS)
+ end
+
+ def insert_pagination_headers
+ set_pagination_headers(next_path, prev_path)
+ end
+
+ def next_path
+ api_v1_admin_accounts_url(pagination_params(max_id: pagination_max_id)) if records_continue?
+ end
+
+ def prev_path
+ api_v1_admin_accounts_url(pagination_params(min_id: pagination_since_id)) unless @accounts.empty?
+ end
+
+ def pagination_max_id
+ @accounts.last.id
+ end
+
+ def pagination_since_id
+ @accounts.first.id
+ end
+
+ def records_continue?
+ @accounts.size == limit_param(LIMIT)
+ end
+
+ def pagination_params(core_params)
+ params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
+ end
+
+ def require_local_account!
+ forbidden unless @account.local? && @account.user.present?
+ end
+end
diff --git a/app/controllers/api/v1/admin/reports_controller.rb b/app/controllers/api/v1/admin/reports_controller.rb
new file mode 100644
index 0000000000..1d48d3160f
--- /dev/null
+++ b/app/controllers/api/v1/admin/reports_controller.rb
@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+class Api::V1::Admin::ReportsController < Api::BaseController
+ include Authorization
+ include AccountableConcern
+
+ LIMIT = 100
+
+ before_action -> { doorkeeper_authorize! :'admin:read', :'admin:read:reports' }, only: [:index, :show]
+ before_action -> { doorkeeper_authorize! :'admin:write', :'admin:write:reports' }, except: [:index, :show]
+ before_action :require_staff!
+ before_action :set_reports, only: :index
+ before_action :set_report, except: :index
+
+ after_action :insert_pagination_headers, only: :index
+
+ FILTER_PARAMS = %i(
+ resolved
+ account_id
+ target_account_id
+ ).freeze
+
+ PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze
+
+ def index
+ authorize :report, :index?
+ render json: @reports, each_serializer: REST::Admin::ReportSerializer
+ end
+
+ def show
+ authorize @report, :show?
+ render json: @report, serializer: REST::Admin::ReportSerializer
+ end
+
+ def assign_to_self
+ authorize @report, :update?
+ @report.update!(assigned_account_id: current_account.id)
+ log_action :assigned_to_self, @report
+ render json: @report, serializer: REST::Admin::ReportSerializer
+ end
+
+ def unassign
+ authorize @report, :update?
+ @report.update!(assigned_account_id: nil)
+ log_action :unassigned, @report
+ render json: @report, serializer: REST::Admin::ReportSerializer
+ end
+
+ def reopen
+ authorize @report, :update?
+ @report.unresolve!
+ log_action :reopen, @report
+ render json: @report, serializer: REST::Admin::ReportSerializer
+ end
+
+ def resolve
+ authorize @report, :update?
+ @report.resolve!(current_account)
+ log_action :resolve, @report
+ render json: @report, serializer: REST::Admin::ReportSerializer
+ end
+
+ private
+
+ def set_reports
+ @reports = filtered_reports.order(id: :desc).with_accounts.paginate_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
+ end
+
+ def set_report
+ @report = Report.find(params[:id])
+ end
+
+ def filtered_reports
+ ReportFilter.new(filter_params).results
+ end
+
+ def filter_params
+ params.permit(*FILTER_PARAMS)
+ end
+
+ def insert_pagination_headers
+ set_pagination_headers(next_path, prev_path)
+ end
+
+ def next_path
+ api_v1_admin_reports_url(pagination_params(max_id: pagination_max_id)) if records_continue?
+ end
+
+ def prev_path
+ api_v1_admin_reports_url(pagination_params(min_id: pagination_since_id)) unless @reports.empty?
+ end
+
+ def pagination_max_id
+ @reports.last.id
+ end
+
+ def pagination_since_id
+ @reports.first.id
+ end
+
+ def records_continue?
+ @reports.size == limit_param(LIMIT)
+ end
+
+ def pagination_params(core_params)
+ params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
+ end
+end
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index a245db2d1c..d44b52d262 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -7,6 +7,8 @@ class MediaController < ApplicationController
before_action :set_media_attachment
before_action :verify_permitted_status!
+ before_action :check_playable, only: :player
+ before_action :allow_iframing, only: :player
content_security_policy only: :player do |p|
p.frame_ancestors(false)
@@ -18,8 +20,6 @@ class MediaController < ApplicationController
def player
@body_classes = 'player'
- response.headers['X-Frame-Options'] = 'ALLOWALL'
- raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
end
private
@@ -34,4 +34,12 @@ class MediaController < ApplicationController
# Reraise in order to get a 404 instead of a 403 error code
raise ActiveRecord::RecordNotFound
end
+
+ def check_playable
+ not_found unless @media_attachment.larger_media_format?
+ end
+
+ def allow_iframing
+ response.headers['X-Frame-Options'] = 'ALLOWALL'
+ end
end
diff --git a/app/controllers/media_proxy_controller.rb b/app/controllers/media_proxy_controller.rb
index 950cf6d09f..8fc18dd060 100644
--- a/app/controllers/media_proxy_controller.rb
+++ b/app/controllers/media_proxy_controller.rb
@@ -39,6 +39,6 @@ class MediaProxyController < ApplicationController
end
def reject_media?
- DomainBlock.find_by(domain: @media_attachment.account.domain)&.reject_media?
+ DomainBlock.reject_media?(@media_attachment.account.domain)
end
end
diff --git a/app/controllers/settings/identity_proofs_controller.rb b/app/controllers/settings/identity_proofs_controller.rb
index 4d09385458..e84c1aca61 100644
--- a/app/controllers/settings/identity_proofs_controller.rb
+++ b/app/controllers/settings/identity_proofs_controller.rb
@@ -61,8 +61,4 @@ class Settings::IdentityProofsController < Settings::BaseController
def post_params
params.require(:account_identity_proof).permit(:post_status, :status_text)
end
-
- def set_body_classes
- @body_classes = ''
- end
end
diff --git a/app/javascript/mastodon/components/media_gallery.js b/app/javascript/mastodon/components/media_gallery.js
index 56618462b4..77bac61eec 100644
--- a/app/javascript/mastodon/components/media_gallery.js
+++ b/app/javascript/mastodon/components/media_gallery.js
@@ -157,7 +157,7 @@ class Item extends React.PureComponent {
if (attachment.get('type') === 'unknown') {
return (
diff --git a/app/javascript/mastodon/components/status.js b/app/javascript/mastodon/components/status.js
index aa5e870dc8..9b1035649d 100644
--- a/app/javascript/mastodon/components/status.js
+++ b/app/javascript/mastodon/components/status.js
@@ -333,17 +333,17 @@ class Status extends ImmutablePureComponent {
media={status.get('media_attachments')}
/>
);
- } else if (status.getIn(['media_attachments', 0, 'type']) === 'video') {
- const video = status.getIn(['media_attachments', 0]);
+ } else if (['video', 'audio'].includes(status.getIn(['media_attachments', 0, 'type']))) {
+ const attachment = status.getIn(['media_attachments', 0]);
media = (
{Component => (
{
const mapStateToProps = state => ({
acceptContentTypes: state.getIn(['media_attachments', 'accept_content_types']),
@@ -60,9 +62,9 @@ class UploadButton extends ImmutablePureComponent {
return (
-
+