OpenCloud
/
mastodon
mirror of https://github.com/tootsuite/mastodon
1
1
Fork 0
Code Issues Releases Wiki Activity
mastodon/spec/models
History
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified (#20999) 
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.

* missing do
 		2022-11-20 19:28:13 +01:00
..
account Don't allow URLs that contain non-normalized paths to be verified (#20999) 2022-11-20 19:28:13 +01:00
admin
concerns
trends
web
account_alias_spec.rb
account_conversation_spec.rb
account_deletion_request_spec.rb
account_domain_block_spec.rb
account_filter_spec.rb
account_migration_spec.rb
account_moderation_note_spec.rb
account_spec.rb
account_statuses_cleanup_policy_spec.rb
account_statuses_filter_spec.rb
announcement_mute_spec.rb
announcement_reaction_spec.rb
announcement_spec.rb
appeal_spec.rb
backup_spec.rb
block_spec.rb
canonical_email_block_spec.rb
conversation_mute_spec.rb
conversation_spec.rb
custom_emoji_category_spec.rb
custom_emoji_filter_spec.rb
custom_emoji_spec.rb
custom_filter_keyword_spec.rb
custom_filter_spec.rb
device_spec.rb
domain_allow_spec.rb
domain_block_spec.rb
email_domain_block_spec.rb
encrypted_message_spec.rb
export_spec.rb
favourite_spec.rb
featured_tag_spec.rb
follow_recommendation_suppression_spec.rb
follow_request_spec.rb
follow_spec.rb
home_feed_spec.rb
identity_spec.rb
import_spec.rb
invite_spec.rb
ip_block_spec.rb
list_account_spec.rb
list_spec.rb
login_activity_spec.rb
marker_spec.rb
media_attachment_spec.rb
mention_spec.rb
mute_spec.rb
notification_spec.rb
one_time_key_spec.rb
poll_spec.rb
poll_vote_spec.rb
preview_card_spec.rb
preview_card_trend_spec.rb
public_feed_spec.rb
relationship_filter_spec.rb
relay_spec.rb
remote_follow_spec.rb
report_filter_spec.rb
report_spec.rb
rule_spec.rb
scheduled_status_spec.rb
session_activation_spec.rb
setting_spec.rb
site_upload_spec.rb
status_edit_spec.rb
status_pin_spec.rb
status_spec.rb
status_stat_spec.rb
status_trend_spec.rb
system_key_spec.rb
tag_feed_spec.rb
tag_follow_spec.rb
tag_spec.rb
unavailable_domain_spec.rb
user_invite_request_spec.rb
user_role_spec.rb
user_spec.rb
webauthn_credentials_spec.rb
webhook_spec.rb