GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.
Thanks @fdb-hiroshima for noticing it!
follow review from @pwoolcoc, and do not use
SafeString::new(&<String>::new())
since this makes an allocation which will then just be thrown away.
Instead, we pass ""
long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.
This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
With this patch, Plume will be use a more up-to-date revision of
Rocket, that works with nightly-2018-07-17. It may have been able to
make it work with a more recent revision, but it turns out rocket has
introduced several breaking changes so I’d rather fix those.
Besides updating rocket_i18n and rocket_csrf to use the same revision
than Plume, this patch deals with the new implementation of the
Uri<'_> type. It silents a class of warnings, to deal with a change in
rustc which affects diesel. This latter change should be reverted as
soon as diesel releases a new version of its crate.
The code is divided in three crates:
- plume-common, for the ActivityPub module, and some common utils
- plume-models, for the models and database-related code
- plume, the app itself
This new organization will allow to test it more easily, but also to create other tools that only reuse a little part of
the code (for instance a Wordpress import tool, that would just use the plume-models crate)
If we want to add, for instance, streams in the future, we could introduce
a new trait for that, similar to FromActivity or Notify
We also display inbox errors to the "client" if something fails,
which could be useful for debugging.
