nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/lib
History
Maxwell Salzberg 190fceaf5c [SECURITY FIX] please update your pod ASAP 
This is a fix for public messages, where a malicious pod could spoof a message from someone a user was connected to, as the verified signatures were not checked that the object was also from said sender.  This hole only affected public messages, and the private part of code had the correct checks
THX to s-f-s(Stephan Schulz) for reporting and tracking down this issue, and props to Raven24(florian.staudacher@gmx.at) for helping me test the patch
2012-07-02 10:00:12 -07:00
..
diaspora Rails.root and File.join cleanup 2012-06-11 03:13:20 -07:00
federated seperate interactions from posts 2012-05-12 17:41:58 -07:00
messagebus fix for the messagebusmailer to be happy 2012-01-03 23:31:24 -08:00
postzord [SECURITY FIX] please update your pod ASAP 2012-07-02 10:00:12 -07:00
rack upgrade to Rails 3.2.3 2012-05-14 21:53:16 -07:00
salmon Autoload needs a string, not a Pathname 2012-06-11 15:11:05 -07:00
stream Rails.root and File.join cleanup 2012-06-11 03:13:20 -07:00
tasks Rails.root and File.join cleanup 2012-06-11 03:13:20 -07:00
admin_rack.rb move admin rack to its own file 2011-09-16 13:33:05 -07:00
collect_user_photos.rb Make Photos not inherit from Posts 2011-10-16 13:58:35 +02:00
csv_generator.rb Rails.root and File.join cleanup 2012-06-11 03:13:20 -07:00
development_mail_interceptor.rb should send the email when a new request is received. emails in dev should be intercepted to email@joindiaspora.com for now 2010-10-22 00:49:01 -07:00
diaspora.rb introduce the idea of Federated::Base. this is mostly just renaming and collasping of different federation modules, but also starting a direct hiearchy of these federation classes to make everything easier to refactor 2012-02-25 16:57:14 -08:00
direction_detector.rb MS DG update copyright 2011-09-14 11:23:12 -07:00
email_inviter.rb fixed rspec tests, more fit and finish around how the invite code works, 2012-03-16 17:56:35 -07:00
encryptor.rb upgrade to Rails 3.2.3 2012-05-14 21:53:16 -07:00
enviroment_configuration.rb Rails.root and File.join cleanup 2012-06-11 03:13:20 -07:00
evil_query.rb unambigousify community spotlight query in the multi stream, fix #3196 2012-04-28 12:28:07 +02:00
exceptions.rb show a "post is not public" message when visitor is not logged in 2012-06-07 22:16:37 +02:00
federation_logger.rb [SECURITY FIX] please update your pod ASAP 2012-07-02 10:00:12 -07:00
hcard.rb MS DG update copyright 2011-09-14 11:23:12 -07:00
hydra_wrapper.rb rename some stuff in hydra to make it more clear [ci skip] 2012-02-25 18:19:19 -08:00
i18n_interpolation_fallbacks.rb Fix interaction between I18n fallbacks and our interpolation fallback code. Refactor I18n tests into their own file. Remove some test support code that made it hard to test I18n. 2011-07-30 22:41:46 -07:00
postzord.rb MS DG update copyright 2011-09-14 11:23:12 -07:00
publisher.rb Mention the person who invited a user on first message 2011-10-31 22:16:58 -05:00
pubsubhubbub.rb fix some tests around pubsubhubub 2012-05-17 18:23:40 -07:00
rake_helpers.rb fixed rspec tests, more fit and finish around how the invite code works, 2012-03-16 17:56:35 -07:00
share_visibility_converter.rb Correct our general exception handling. 2012-03-03 16:26:06 -08:00
statistics.rb added first_name to csv task 2011-11-01 14:20:37 -07:00
stream.rb yeah I need to commit the files i guess 2011-10-13 22:27:07 -07:00
template_picker.rb kill rich-media type with fire 2012-05-21 12:33:28 -07:00
unicorn_killer.rb add unicorn back in. only use one worker process for now. also, move chrome_frame middleware into the correct load path in lib. [ci skip] 2012-01-24 14:56:55 -08:00
webfinger.rb tinker with log messages for readability 2012-06-15 17:43:14 +02:00
webfinger_profile.rb improve webfinger failure handling 2012-04-27 16:53:26 +02:00