instrumental/spec
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified (#20999)
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that https is required since #20304.

* missing do
2022-11-20 19:28:13 +01:00
config/initializers Fix rate limiting for paths with formats (#20675) 2022-11-14 20:26:31 +01:00
controllers Fix style for hashes (#20518) 2022-11-17 11:05:39 +01:00
fabricators png optimization(loss less) (#19630) 2022-11-01 15:06:52 +01:00
features Change public accounts pages to mount the web UI (#19319) 2022-10-20 14:35:29 +02:00
fixtures Support for import/export of instance-level domain blocks/allows for 4.x w/ additional fixes (#20597) 2022-11-17 11:05:09 +01:00
helpers Test the native_locale_name of a non-standard locale (#20284) 2022-11-11 00:06:18 +01:00
lib Fix typos (#19849) 2022-11-08 17:32:03 +01:00
mailers Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
models Don't allow URLs that contain non-normalized paths to be verified (#20999) 2022-11-20 19:28:13 +01:00
policies Add ability to view previous edits of a status in admin UI (#19462) 2022-10-26 13:42:29 +02:00
presenters Add image processing and generate blurhash for server thumbnail (#19348) 2022-10-13 11:29:19 +02:00
requests Change public accounts pages to mount the web UI (#19319) 2022-10-20 14:35:29 +02:00
routing Change public accounts pages to mount the web UI (#19319) 2022-10-20 14:35:29 +02:00
serializers/activitypub Fix account URI in UpdatePollSerializer (#11194) 2019-06-27 19:41:55 +02:00
services Fix style for hashes (#20518) 2022-11-17 11:05:39 +01:00
support Spelling (#17705) 2022-03-06 22:51:40 +01:00
validators Add administrative webhooks (#18510) 2022-06-09 21:57:36 +02:00
views/statuses Fix style for hashes (#20518) 2022-11-17 11:05:39 +01:00
workers Fix followers count not being updated when migrating follows (#19998) 2022-11-07 15:38:55 +01:00
rails_helper.rb Fix single Redis connection being used across all threads (#18135) 2022-04-28 17:47:34 +02:00
spec_helper.rb Improve tests involving push_bulk (#17508) 2022-02-10 19:42:45 +01:00