mastodon

History

David Leadbeater 69378eac99 Don't allow URLs that contain non-normalized paths to be verified (#20999 ) * Don't allow URLs that contain non-normalized paths to be verified This stops things like https://example.com/otheruser/../realuser where "/otheruser" appears to be the verified URL, but the actual URL being verified is "/realuser" due to the "/../". Also fix a test to use 'https', so it is testing the right thing, now that since #20304 https is required. * missing do		2022-11-20 19:28:13 +01:00
..
account	Don't allow URLs that contain non-normalized paths to be verified (#20999 )	2022-11-20 19:28:13 +01:00
account_suggestions	…
admin	…
concerns	…
form	…
trends	…
web	…
account.rb	…
account_alias.rb	…
account_conversation.rb	…
account_deletion_request.rb	…
account_domain_block.rb	…
account_filter.rb	…
account_migration.rb	…
account_moderation_note.rb	…
account_note.rb	…
account_pin.rb	…
account_stat.rb	…
account_statuses_cleanup_policy.rb	…
account_statuses_filter.rb	…
account_suggestions.rb	…
account_summary.rb	…
account_warning.rb	…
account_warning_preset.rb	…
admin.rb	…
announcement.rb	…
announcement_filter.rb	…
announcement_mute.rb	…
announcement_reaction.rb	…
appeal.rb	…
application_record.rb	…
backup.rb	…
block.rb	…
bookmark.rb	…
canonical_email_block.rb	…
content_retention_policy.rb	…
context.rb	…
conversation.rb	…
conversation_mute.rb	…
custom_emoji.rb	…
custom_emoji_category.rb	…
custom_emoji_filter.rb	…
custom_filter.rb	…
custom_filter_keyword.rb	…
custom_filter_status.rb	…
device.rb	…
domain_allow.rb	…
domain_block.rb	…
email_domain_block.rb	…
encrypted_message.rb	…
export.rb	…
extended_description.rb	…
favourite.rb	…
featured_tag.rb	…
feed.rb	…
follow.rb	…
follow_recommendation.rb	…
follow_recommendation_filter.rb	…
follow_recommendation_suppression.rb	…
follow_request.rb	…
home_feed.rb	…
identity.rb	…
import.rb	…
instance.rb	…
instance_filter.rb	…
invite.rb	…
invite_filter.rb	…
ip_block.rb	…
list.rb	…
list_account.rb	…
list_feed.rb	…
login_activity.rb	…
marker.rb	…
media_attachment.rb	…
mention.rb	…
message_franking.rb	…
mute.rb	…
notification.rb	…
one_time_key.rb	…
poll.rb	…
poll_vote.rb	…
preview_card.rb	…
preview_card_provider.rb	…
preview_card_trend.rb	…
privacy_policy.rb	…
public_feed.rb	…
relationship_filter.rb	…
relay.rb	…
remote_follow.rb	…
report.rb	…
report_filter.rb	…
report_note.rb	…
rule.rb	…
scheduled_status.rb	…
search.rb	…
session_activation.rb	…
setting.rb	…
site_upload.rb	…
status.rb	…
status_edit.rb	…
status_pin.rb	…
status_stat.rb	…
status_trend.rb	…
system_key.rb	…
tag.rb	…
tag_feed.rb	…
tag_follow.rb	…
tombstone.rb	…
trends.rb	…
unavailable_domain.rb	…
user.rb	…
user_invite_request.rb	…
user_ip.rb	…
user_role.rb	…
web.rb	…
webauthn_credential.rb	…
webhook.rb	…