Commit Graph

737 Commits

Author SHA1 Message Date
Bat
d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00
Trinity Pointard
f0fb030c7f Update recommended nginx config
Update recommended nginx config to allow iframes
close #234
2018-09-19 18:18:39 +02:00
Bat
1500267125 Add canapi and try to use for the API 2018-09-19 15:49:34 +01:00
Trinity Pointard
fab6360100 Be less restrictive on authorized html tags
Allow users to add ids to tags
Allow users to use iframes
2018-09-19 10:51:27 +02:00
Baptiste Gelez
2bc6052a35
Replace plume by DATABASE_NAME in the docs
To make it clearer you can have multiple Plume instances/databases on the same server, and that this part of the URL may change too.
2018-09-18 21:40:20 +01:00
Baptiste Gelez
d8bfd6d39f
Create ISSUE_TEMPLATE.md 2018-09-18 15:40:17 +01:00
Baptiste Gelez
064c5961e7
Add a CoC
Finally!
2018-09-18 13:59:43 +01:00
Baptiste Gelez
eb24ba1774
Merge pull request #223 from igalic/fix/safe-string
make blog/instance description a SafeString
2018-09-14 20:56:13 +01:00
Igor Galić
fb074e6344
render SafeString thru |safe
thanks again to @fdb-hiroshima for pointing me in the right direction!
2018-09-14 21:44:32 +02:00
Igor Galić
06718a5c8a
directly use SafeString in InstanceSettingsForm 2018-09-14 20:25:16 +02:00
Igor Galić
d62c72dde0
allocate new SafeString in FromFormValue impl
thanks to @fdb-hiroshima for this review!
2018-09-14 19:50:59 +02:00
Igor Galić
0897088aa5
add implementation for FromFormValue for SafeString
thanks again to @pwoolcoc for this!
2018-09-14 18:26:42 +02:00
Igor Galić
65e213309b
do not allocate empty strings
follow review from @pwoolcoc, and do not use

    SafeString::new(&<String>::new())

since this makes an allocation which will then just be thrown away.
Instead, we pass ""
2018-09-14 18:24:27 +02:00
Igor Galić
f5c299f23c
make blog/instance description a SafeString
long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.

This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
2018-09-14 15:14:24 +02:00
Baptiste Gelez
d355379e01
Merge pull request #219 from igalic/fix/env-howto
improve installation "docs"
2018-09-13 19:38:00 +01:00
Igor Galić
e7b5d81687
gitignore docker-compose.yml 2018-09-13 17:21:20 +02:00
Igor Galić
dfc76757bb
fix comment in docker.sample.env
docker's sample .env file under docs/ which contains the wrong command
to generate a rocket secret_key
2018-09-13 17:18:25 +02:00
Bat
5b138df8ce Remove duplicated message in gl.po 2018-09-12 17:07:41 +01:00
Bat
0200a7b223 Only send notifications for mentions if the post is not a draft 2018-09-12 17:00:00 +01:00
Bat
b01212f4a6 Make it impossible to view drafts if you are not the author
Even if you got the URL
2018-09-12 16:58:38 +01:00
Bat
296aa2fbbb Merge branch 'master' of github.com:Plume-org/Plume 2018-09-12 13:41:10 +01:00
Baptiste Gelez
ab640011e3
Merge pull request #215 from xmgz/master
update galician
2018-09-12 13:37:03 +01:00
Xose M
f5633f4e7f
Merge branch 'master' into master 2018-09-12 07:40:16 +02:00
Xosé M
3d52afc804 fixed some fuzzies & new 2018-09-12 07:23:23 +02:00
Xosé M
c5d93a2951 update 2018-09-12 07:15:33 +02:00
Bat
8fa83dfe25 Version bump
0.1.x was the pre-alpha.

The first Alpha will be 0.2.x
2018-09-11 19:53:14 +01:00
Bat
abe90706ff Avoid showing GetText metadata when trying to translate empty strings 2018-09-11 19:34:47 +01:00
Bat
efb71bc40c Translate details in fields label 2018-09-11 19:33:16 +01:00
Bat
d50f989977 Add forgotten message to POT
And translate it in French
2018-09-11 19:30:24 +01:00
Baptiste Gelez
13ef50bb78
Merge pull request #212 from zcdunn/add_webapp_manifest
Add webapp manifest
2018-09-10 20:44:44 +01:00
Bat
501fb39ad6 Update fr.po 2018-09-10 20:42:13 +01:00
Bat
18a892ee61 Update translations
Make sure everything is translatable
2018-09-10 20:23:35 +01:00
Bat
3314387025 Merge branch 'master' of github.com:Plume-org/Plume 2018-09-10 20:06:48 +01:00
Bat
10da8f31b6 Hide articles on public pages
Only show them in the dashboard
2018-09-10 20:06:00 +01:00
Zachary Dunn
8765b12229 Unwrap option 2018-09-10 14:54:18 -04:00
Bat
8879935925 Add the possibility to save an article as draft 2018-09-10 19:38:19 +01:00
Zachary Dunn
fb66b087a4 Merge branch 'add_webapp_manifest' of https://github.com/zcdunn/Plume into add_webapp_manifest 2018-09-10 10:15:25 -04:00
Zachary Dunn
3a81dd7089 Add webapp manifest 2018-09-10 10:14:08 -04:00
Zachary Dunn
2f166bab49 Add webapp manifest 2018-09-10 10:08:22 -04:00
Baptiste Gelez
64a9d8f1f3
Merge pull request #211 from bnjbvr/patch-1
Update markup and use more idiomatic English
2018-09-10 12:47:44 +01:00
Benjamin Bouvier
592ed570b7
Update markup and use more idiomatic English 2018-09-10 13:22:23 +02:00
Bat
fcdd3d4c1a Don't compress avatars
Fixes #210
2018-09-09 21:41:55 +01:00
Bat
de3707983a Account deletion
Fixes #182
2018-09-09 20:49:24 +01:00
Bat
a3b7d5557b Allow newer Tera versions
Tera 0.11.15 was released, and fixes the bug that forced us to downgrade.
2018-09-09 18:53:28 +01:00
Bat
e9337259f8 Pad avatars in user list 2018-09-09 17:17:12 +01:00
Bat
663627c375 Add a default avatar
Really ugly, but is all my skills are permitting
2018-09-09 17:02:16 +01:00
Bat
b48d1694f3 Don't call ap_url for comments, since they are based on posts URLs 2018-09-09 16:22:58 +01:00
Bat
54f6e7dfc6 Use a more classical flow for creating comments
Don't locally federate them anymore

It allows us to have them fetched later too
2018-09-09 16:08:53 +01:00
Bat
642884034d Fix build errors 2018-09-09 12:37:20 +01:00
Bat
08cb337df6 Broadcast activities to all known instances
We consider everything posted with Plume public (for the moment at least)
2018-09-09 12:19:11 +01:00