Fix being able to post URLs longer than 4096 characters #17908

Merged: 1 commit merged into main from security-fix-url-length-dos on Mar 30, 2022

@Gargron (Member) commented Mar 30, 2022

Ref: MASTODON-BTSSXXK6

@Gargron added the security label (Security issues and fixes, vulnerabilities) Mar 30, 2022
@Gargron force-pushed the security-fix-url-length-dos branch from 60e974e to 5fa6f99 March 30, 2022 12:35
@Gargron force-pushed the security-fix-url-length-dos branch from 5fa6f99 to 2839ae5 March 30, 2022 12:41
@Gargron merged commit bbc7afa into main Mar 30, 2022
@Gargron deleted the security-fix-url-length-dos branch March 30, 2022 12:46
koba-lab added a commit to koba-lab/mastodon that referenced this pull request Apr 12, 2022
* commit '8c7223f4eac80b5725485be742d3fa2c984f4670': (887 commits)
  Bump version to 3.5.0 (mastodon#17911)
  Fix being able to post URLs longer than 4096 characters (mastodon#17908)
  Fix being able to bypass e-mail restrictions (mastodon#17909)
  Revert "Split build image actions (mastodon#17793)" (mastodon#17907)
  Refactor `response_to_recipient?` CTE (mastodon#17899)
  Fix regression of status colors in actions modal in web UI (mastodon#17903)
  caniuse-lite: add hash sum (mastodon#17902)
  Bump rubocop from 1.26.0 to 1.26.1 (mastodon#17891)
  Bump capistrano from 3.16.0 to 3.17.0 (mastodon#17774)
  Bump concurrent-ruby from 1.1.9 to 1.1.10 (mastodon#17889)
  Bump babel-loader from 8.2.3 to 8.2.4 (mastodon#17894)
  Bump @testing-library/jest-dom from 5.16.2 to 5.16.3 (mastodon#17895)
  Bump prettier from 2.6.0 to 2.6.1 (mastodon#17893)
  Bump devise-two-factor from 4.0.1 to 4.0.2 (mastodon#17892)
  Bump yargs from 17.3.1 to 17.4.0 (mastodon#17834)
  New Crowdin updates (mastodon#17864)
  Fix /api/v1/admin/accounts (mastodon#17887)
  Split build image actions (mastodon#17793)
  Fix test-related issues (mastodon#17888)
  Add `SMTP_RETURN_PATH` environment variable to set bounce domain (mastodon#17886)
  ...

# Conflicts:
#	.circleci/config.yml
#	.github/CODEOWNERS
#	.github/workflows/build-image.yml
#	CHANGELOG.md
#	Dockerfile
#	Gemfile.lock
#	README.md
#	app/controllers/admin/statuses_controller.rb
#	app/controllers/auth/sessions_controller.rb
#	app/controllers/concerns/sign_in_token_authentication_concern.rb
#	app/controllers/concerns/two_factor_authentication_concern.rb
#	app/helpers/context_helper.rb
#	app/javascript/mastodon/features/directory/index.js
#	app/javascript/mastodon/features/followers/index.js
#	app/javascript/mastodon/features/following/index.js
#	app/javascript/mastodon/features/ui/components/video_modal.js
#	app/javascript/mastodon/features/ui/containers/modal_container.js
#	app/javascript/mastodon/features/ui/index.js
#	app/javascript/mastodon/locales/ja.json
#	app/javascript/mastodon/reducers/modal.js
#	app/lib/activitypub/activity/create.rb
#	app/lib/formatter.rb
#	app/models/account.rb
#	app/services/notify_service.rb
#	app/services/resolve_account_service.rb
#	app/validators/status_length_validator.rb
#	app/views/admin/dashboard/index.html.haml
#	app/views/admin/instances/_instance.html.haml
#	app/views/admin/reports/show.html.haml
#	app/views/admin/tags/_tag.html.haml
#	app/views/directories/index.html.haml
#	config/brakeman.ignore
#	config/initializers/twitter_regex.rb
#	db/schema.rb
#	docker-compose.yml
#	lib/mastodon/version.rb
#	lib/tasks/tests.rake
#	package.json
#	spec/controllers/activitypub/followers_synchronizations_controller_spec.rb
#	spec/controllers/api/v1/accounts/notes_controller_spec.rb
#	spec/controllers/follower_accounts_controller_spec.rb
#	spec/controllers/following_accounts_controller_spec.rb
#	spec/models/account_spec.rb
#	spec/models/status_spec.rb
#	spec/services/notify_service_spec.rb
atsu1125 pushed a commit to atsu1125/mastodon that referenced this pull request Aug 28, 2022
Labels
security Security issues and fixes, vulnerabilities

2 participants