mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions
5135 commits 1 branch 193 tags 8.7 GiB
Commit graph

340 commits

Author SHA1 Message Date
Ken Powers
980862768b Linkify URLs containing @ 2020-04-29 17:42:41 -07:00
Scott Nonnenberg
aaa91c441b Ensure old attachments with .id field only are handled 2020-04-29 17:42:41 -07:00
Ehren Kret
a0e9791623 Add support for receiving attachments from CDN 2 2020-04-29 17:42:41 -07:00
Scott Nonnenberg
6b094e1514 Refactor: Move data-access code to Typescript w/ shared interface 2020-04-15 14:45:11 -07:00
Scott Nonnenberg
9ab54b9b83 Move web_api.js and js/modules/crypto.js to TypeScript 2020-04-15 14:44:51 -07:00
Scott Nonnenberg
71436d18e2 Include sender in group update notifications 2020-04-15 14:44:46 -07:00
Ken Powers
a1270867ff Debug Logs: gzip before upload 2020-03-24 17:03:22 -07:00
Ken Powers
37ad95af27 Passive UUID fixes 2020-03-24 17:03:22 -07:00
Scott Nonnenberg
8d6cba1b43 Eliminate remaining Electron 8 deprecations 
* Change systemPreferences.isDarkMode() to nativeTheme.shouldUseDarkColors

* Remove vibrancy parameter to BrowserWindow

* Update curve25519-n; removes context-aware deprecation warning

* Set app.allowRendererProcessReuse = true to remove warning

* Move from deprecated setters to direct property set

* Serialized sender certificates: Store less, store plain object

* isMenuBarAutoHide -> autoHideMenuBar

* UUID: Fix sealed sender indicator on message details screen

* Data._cleanData: Remove function keys, handle null in array

Also:
- run _cleanData when saving attachment download jobs
- remove job from jobs table when the send itself throws error

* _cleanData: Don't dig into strings, booleans, or numbers

* getPropsForMessageDetail: Make it clear what we're reducing

Co-authored-by: Ken Powers <ken@signal.org>
 2020-03-24 17:03:01 -07:00
Ken Powers
a90246cbe5 Passive UUID support 
Co-authored-by: Scott Nonnenberg <scott@signal.org>
 2020-03-24 16:59:35 -07:00
Scott Nonnenberg
a840e2e5b1 Remove legacy import flow 2020-03-04 17:12:56 -08:00
Josh Perez
60773d28d5
 		Fix new sticker pack keys 2020-02-24 17:03:55 -08:00
Ken Powers
8d9ccd3c0a
 		Ensure proper file permissions on startup 
Co-authored-by: Scott Nonnenberg <scott@signal.org>
 2020-02-21 15:40:04 -08:00
Josh Perez
6b56dd4ce0
 		Move registration from redux selectors to util 2020-02-21 15:08:21 -08:00
Ken Powers
f0028a5cfe Don't linkify invalid URLs 2020-02-19 15:22:37 -08:00
Josh Perez
1881fa5fa5
 		Add swoon sticker packs as blessed and known 
* Add swoon sticker packs as blessed and known
* Do not install blessed packs by default
 2020-02-18 14:36:59 -08:00
Josh Perez
0843f569a0
 		Adds additional logging to boot path 2020-02-18 10:48:58 -08:00
Josh Perez
18fd44f504
 		Move all status/alert dialogs into the Left Pane 2020-02-12 13:30:58 -08:00
Scott Nonnenberg
3938eb9801
 		A set of fixes and upgrades 
* writeToDownloads: Add missing await
* Remove window.isFocused() - not used anywhere!
* Update typescript, p-queue, make necessary changes to fix build
* Slow down sender certificate retries with no existing cert
* Slow down signed prekey refreshes when unlinked - 5s -> 5m
* Update protobufjs to 4.1.2
 2020-02-07 14:37:04 -05:00
Scott Nonnenberg
a271fe0eee Add version number to user-agent header on outgoing requests 2020-01-16 21:36:14 -08:00
Scott Nonnenberg
be6ae038dc Ensure sender cert refresh timer resets only when necessary 2020-01-16 21:36:14 -08:00
Ken Powers
8dbbde6790 Partial Revert "Conversation: Wait for database fetch to add incoming messages" 
This partially reverts commit bce711c36dfdb3eefda59a10aabe71058b3e40a2.
 2020-01-16 08:34:31 -08:00
Scott Nonnenberg
55eff02872 Reintroduce file chooser dialog for every attachment save 2020-01-15 17:23:02 -05:00
Scott Nonnenberg
1bf9ca7233 Save attachments with macOS quarantine attribute 
* Attachments: Always save file to downloads directory, show toast
* Add new build:dev command for casual builds
 2020-01-09 14:57:43 -05:00
Scott Nonnenberg
3e5071e340 Conversation: Wait for database fetch to add incoming messages 2020-01-09 09:43:47 -05:00
Ken Powers
0d3b390129 Upgrade Prettier 2020-01-08 09:44:54 -08:00
Ken Powers
fe65fd3eaa Sticker creator updates: new 200 sticker max, WebP supported 2019-12-19 15:27:02 -08:00
Scott Nonnenberg
f5be32ba14 Simplify linkification filter - check for ASCII/non-ASCII only 2019-12-18 14:45:11 -05:00
Ken Powers
11d47a8eb9 Sticker Creator 2019-12-17 12:28:46 -08:00
Scott Nonnenberg
2df1ba6e61 Introduce two built-in sticker packs: Zozo and Bandit 2019-12-17 12:28:46 -08:00
Scott Nonnenberg
e9f08c3da9 Bugfixes for v1.29 
* If focus was set to document.body during archive, focus left pane
* Shortcut Guide: Add space between text and shortcut highlight
* Ensure that draft attachment can be closed with click on X button
* Move to keyDown event for user idle checking
* Additional resiliency around avatars; check for them on on-disk
* Increase timeouts to preserve websocket connection
* On startup, be resilient to malformed JSON in log files
* Don't crash if shell.openExternal returns an error
* Whenever we request a contact/group sync, also request block list
* Avatar popup: Ensure styling is mouse- and keyboard-appropriate
* MainHeader: Create popperRoot on demand, not on mount
* CompositionInput: Disable default Ctrl-/ shortcut
* Update libphonenumber
 2019-12-03 15:02:50 -05:00
Scott Nonnenberg
bb02fa3a7e Prevent conversation up/down when showing search results 2019-11-15 14:34:24 -08:00
Scott Nonnenberg
20a892247f Keyboard shortcuts and accessibility 2019-11-13 16:53:42 -08:00
Scott Nonnenberg
8590a047c7 Change domain for sharing sticker packs 2019-11-13 19:12:36 -05:00
Ken Powers
8659f1dd23 Fix a number of emoji bugs in message composer 2019-10-31 12:32:10 -07:00
Scott Nonnenberg
0c09f9620f Improve message download performance 2019-10-10 14:56:14 -07:00
Scott Nonnenberg
7ab2d9acc6 Video Thumbnails: Seek to 1s mark in video before capture 2019-09-24 13:43:08 -07:00
Scott Nonnenberg
b77246a7e0 When SQLITE_CORRUPT error happens, immediately restart the app 2019-09-24 13:43:08 -07:00
Scott Nonnenberg
3719724337 Prevent multiple instances of same background attachment job 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
1ab844674a Ensure out-of-band attachment updates make new top-level objects 2019-09-03 20:07:47 -04:00
Scott Nonnenberg
936768d9c1 Recalculate message height when pending sticker is loaded 2019-08-22 15:41:55 -07:00
Scott Nonnenberg
c39d5a811a Full-text search within conversation 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
9d4f2afa5a Persist drafts 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
5ebd8bc690 Virtualize Messages List - only render what's visible 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
a976cfe6b6 Time out faster for IndexedDB existence checks 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
d42eb2126e Changes to View Once 2019-08-05 16:23:47 -07:00
Ken Powers
6c0365a770 One emoji image set for picker, composition, message bubble 2019-07-25 09:28:44 -07:00
Ken Powers
7b645011c2 New composition area with emoji typeahead 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e62a1a7812 Receive support for View Once photos 2019-07-17 11:29:51 -07:00
Disconnect3d
fa4b2d412f Fix SUPPORTED_MEDIA_DOMAINS regex whitelist (#3459) 
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if media link comes from trusted hosts is invalid. It does not expose a security risk or I couldn't find an example for such as of now, but if someone would add a subdomain host to it using the same pattern, it would.

A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;

console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```

Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```

---

To be more clear, if someone would extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.

---

A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24

The issue has been found with LGTM: https://lgtm.com/projects/g/signalapp/Signal-Desktop/snapshot/b626ef0b64bfa9867daff876a7cc680bc236897c/files/js/modules/link_previews.js?sort=name&dir=ASC&mode=heatmap#xdabadfc2bf20f0c3:1
 2019-07-16 13:28:16 -07:00