mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions
5144 commits 1 branch 124 tags 2.8 GiB
Commit graph

2915 commits

Author SHA1 Message Date
Scott Nonnenberg
e09fa7b402 Ensure suggested attachment filenames are consistent 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
cb2c691667 Improve queuing strategies in the app 2019-07-17 11:29:51 -07:00
Ken Powers
7b645011c2 New composition area with emoji typeahead 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e62a1a7812 Receive support for View Once photos 2019-07-17 11:29:51 -07:00
Ken Powers
fccf1eec30 Fix file size limitation 2019-07-16 14:48:40 -07:00
Disconnect3d
fa4b2d412f Fix SUPPORTED_MEDIA_DOMAINS regex whitelist (#3459) 
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if media link comes from trusted hosts is invalid. It does not expose a security risk or I couldn't find an example for such as of now, but if someone would add a subdomain host to it using the same pattern, it would.

A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;

console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```

Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```

---

To be more clear, if someone would extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.

---

A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24

The issue has been found with LGTM: b626ef0b64/files/js/modules/link_previews.js (xdabadfc2bf20f0c3):1
 2019-07-16 13:28:16 -07:00
Ken Powers
cb272111ab Run yarn format 2019-07-08 16:29:45 -04:00
Scott Nonnenberg
0df9b4b8fb Prevent multiple parallel signed prekey rotations 
* Prevent multiple parallel signed prekey rotations

* When logging error, recalculate id to capture sealed sender info
 2019-07-03 14:56:49 -04:00
AJ Jordan
22f5c01247 Fix typo (#3345) 2019-06-28 13:07:00 -04:00
Scott Nonnenberg
569acb091c Migrate from IndexedDB before doing new version checks 2019-06-27 15:21:08 -07:00
Scott Nonnenberg
cc4886caa5 Ensure only one active attachment download setTimeout 2019-06-24 13:39:37 -07:00
Scott Nonnenberg
ab2cc6ee53 Properly download new group avatars 2019-06-24 14:51:33 -04:00
Scott Nonnenberg
d97dae6a87 Capture id after first save for incoming error messages 2019-06-24 14:47:43 -04:00
Scott Nonnenberg
3feb0037e5 Ensure that long message attachments don't show in media gallery 2019-06-21 16:13:42 -07:00
Scott Nonnenberg
102b93241c Only preload emoji after the window is fully loaded 2019-06-20 17:48:54 -07:00
Scott Nonnenberg
6c8bce7b9f Fix incorrect contentType/extension for outgoing resized image attachments 
* Use contentType from conversion when resizing outgoing images

* Update outgoing filename with proper extension after resize
 2019-06-19 11:51:23 -04:00
Scott Nonnenberg
cc7b9da0cf Ensure that all event handling in background.js is queued 2019-06-14 18:17:37 -04:00
Scott Nonnenberg
e19067861e ConversationView - extract all header setup into new method 2019-06-11 11:07:56 -04:00
Scott Nonnenberg
9fd867fdd1 Support new 'requiredProtocolVersion' in DataMessage 
* Add new requiredProtocolVersion field to DataMessage

* Message.requiredProtocolVersion, warning if version mot supported

* Update strings; limit width; new left pane preview text
 2019-06-10 17:40:02 -04:00
Scott Nonnenberg
dd98477479 For 'me,' prefer signal profile avatar over address book info 2019-06-07 14:40:34 -04:00
Scott Nonnenberg
3505ab9198 Drop profile on missing profile key, drop avatar on download 403 2019-06-07 13:20:39 -04:00
Ken Powers
d23efc6717 Send message when pressing enter in the emoji picker 2019-05-31 14:58:53 -07:00
Ken Powers
a934759e66 Maintain last-known cursor position for inserting emojis 2019-05-30 16:37:28 -07:00
Scott Nonnenberg
344885d8b1 Focus message box on emoji panel close, don't dismiss on shift 2019-05-30 12:43:18 -07:00
Ken Powers
feb4da874b Enable keyboard navigation in EmojiPicker. 2019-05-30 12:43:18 -07:00
Scott Nonnenberg
86a38d2f2b Exclude invalid recent emoji, simplify items redux structure 2019-05-30 12:43:18 -07:00
Scott Nonnenberg
b221dcff5a Only use attemptedStatus on re-download if it is 'installed' 2019-05-30 12:43:18 -07:00
Ken Powers
be5d0837f8 Support additional sticker states 
Co-authored-by: scott@signal.org
Co-authored-by: ken@signal.org
 2019-05-29 11:01:32 -07:00
Scott Nonnenberg
41880cfe66 Add some logging for debug log upload 2019-05-28 17:24:28 -07:00
Ken Powers
0e9d549cf3 Fuzzy-Searchable Emoji Picker 2019-05-24 17:03:13 -07:00
Scott Nonnenberg
2f47a3570b Update NetworkStatusView on message error instead of plain render 2019-05-24 13:14:51 -04:00
Scott Nonnenberg
e18b6bed1f Refactor 'waiting' flags into one location, fix timestamp check 2019-05-16 17:15:54 -07:00
Ken Powers
fd36720079 Add "system" theme setting for MacOS 2019-05-16 17:15:54 -07:00
Scott Nonnenberg
47e46e0f43 Improved handling of group changes 2019-05-16 17:15:54 -07:00
Ken Powers
29de50c12a Stickers 
Co-authored-by: scott@signal.org
Co-authored-by: ken@signal.org
 2019-05-16 16:10:37 -07:00
Scott Nonnenberg
13ad4abaea Handle and send isRecipientUpdate sync messages 
* Handle and send isRecipientUpdate sync messages
* Disable sending isRecipientUpdates for now
 2019-05-16 15:43:29 -07:00
Scott Nonnenberg
8c365b1a3a Don't add duplicate errors to the database 2019-05-16 15:43:29 -07:00
Scott Nonnenberg
26a3342d2a Padded attachments, attachments v2 
* Handle incoming padded attachments
* Attachments v2 - multipart form POST, and direct CDN GET access
* Pad outgoing attachments before encryption (disabled for now)
 2019-05-16 15:43:29 -07:00
Michael Walker
4a8e0bd466 Add pinterest domain and asset domains for link preview support 
Co-authored-by: ken@signal.org
Co-authored-by: @cmswalker
 2019-05-16 15:43:29 -07:00
Scott Nonnenberg
5a5bb859e6 Conversation: Update last message after deleting all messages 2019-05-16 15:23:21 -07:00
Scott Nonnenberg
2cae8d3c25 Fix for incorrect checkmarks when syncs were received offline 2019-05-16 15:23:21 -07:00
Scott Nonnenberg
4470f95e9d Move redux setup to central location - background.js 2019-05-16 15:23:21 -07:00
Scott Nonnenberg
c41bc53614 Refactor messages model; New timeline react components 2019-05-16 15:23:21 -07:00
Scott Nonnenberg
d342b23cbc Refactor: Prepare Message function props for conversation scope 2019-05-07 09:41:09 -07:00
Scott Nonnenberg
fca40cb548 Disable keyboard shortcut for conversation archive 2019-04-17 14:19:32 -07:00
Scott Nonnenberg
b31fbcaa17 Don't send if message body is too long 2019-04-16 14:35:16 -07:00
Scott Nonnenberg
22f7a352f9 updateLastMessage: If we don't update last text, clear it 2019-04-12 14:06:34 -07:00
Scott Nonnenberg
62de2a229d Add logging to track synchronization in message processing 2019-04-10 12:15:00 -07:00
Derek Meer
7727dc093e Hides the "Hide menu bar" option on MacOS (#2903) 
The "Hide menu bar" option is only applicable to Windows and some Linux distros,
where the menu bar is attached to the Signal window. Therefore, this commit
ensures that it doesn't show up on MacOS. It includes a setting,
isHideMenuBarSupported(), to control the option's appearance. This
commit also includes the tests to make sure isHideMenuBarSupported()
works correctly.

Fixes #2705
 2019-04-08 10:25:14 -07:00
Scott Nonnenberg
629dc8737b Fix issue where 'delete messages' was not clickable second time 2019-04-05 17:18:37 -07:00