mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4743 commits 1 branch 92 tags 13 GiB
Commit graph

4743 commits

This branch
This branch
All branches
Author SHA1 Message Date
Scott Nonnenberg
e62a1a7812 Receive support for View Once photos 2019-07-17 11:29:51 -07:00
Ken Powers
fccf1eec30 Fix file size limitation 2019-07-16 14:48:40 -07:00
Disconnect3d
fa4b2d412f Fix SUPPORTED_MEDIA_DOMAINS regex whitelist (#3459) 
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if media link comes from trusted hosts is invalid. It does not expose a security risk or I couldn't find an example for such as of now, but if someone would add a subdomain host to it using the same pattern, it would.

A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;

console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```

Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```

---

To be more clear, if someone would extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.

---

A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24

The issue has been found with LGTM: b626ef0b64/files/js/modules/link_previews.js (xdabadfc2bf20f0c3):1
 2019-07-16 13:28:16 -07:00
Buck Doyle
f2dd10cd1a Update search for colon-syntax emoji to ignore case (#3443) 
* Add tests for existing replaceColons functionality

* Update to lowercase before matching short names

* Update lib_test.ts
 2019-07-08 16:38:25 -04:00
Ken Powers
cb272111ab Run yarn format 2019-07-08 16:29:45 -04:00
Scott Nonnenberg
0df9b4b8fb Prevent multiple parallel signed prekey rotations 
* Prevent multiple parallel signed prekey rotations

* When logging error, recalculate id to capture sealed sender info
 2019-07-03 14:56:49 -04:00
AJ Jordan
22f5c01247 Fix typo (#3345) 2019-06-28 13:07:00 -04:00
Scott Nonnenberg
4457dca72c v1.25.3-beta.1 2019-06-27 15:58:04 -07:00
Scott Nonnenberg
1464167e6b Lint fixes 2019-06-27 15:45:28 -07:00
Ken Powers
35b12d9b72 Preload emoji images in queue 2019-06-27 15:33:15 -07:00
Ken Powers
ba2c32304b Increase window min-height for the new Emoji picker 2019-06-27 15:21:08 -07:00
Scott Nonnenberg
569acb091c Migrate from IndexedDB before doing new version checks 2019-06-27 15:21:08 -07:00
Ken Powers
45f2bef8fe Tokenize fuzzy search for emoji 2019-06-27 15:21:08 -07:00
Scott Nonnenberg
27e9c5fb1d v1.25.2-beta.4 2019-06-24 14:19:00 -07:00
Scott Nonnenberg
cc4886caa5 Ensure only one active attachment download setTimeout 2019-06-24 13:39:37 -07:00
Scott Nonnenberg
ab2cc6ee53 Properly download new group avatars 2019-06-24 14:51:33 -04:00
Scott Nonnenberg
d97dae6a87 Capture id after first save for incoming error messages 2019-06-24 14:47:43 -04:00
Scott Nonnenberg
48691a2558 Clean up transaction handling in sql.js 2019-06-24 14:43:45 -04:00
Scott Nonnenberg
3feb0037e5 Ensure that long message attachments don't show in media gallery 2019-06-21 16:13:42 -07:00
Scott Nonnenberg
ddae8708b4 v1.25.2-beta.3 2019-06-20 17:59:56 -07:00
Peter Uithoven
9f36524a8d Add desktopName to package.json to fix linux badge (#3390) 2019-06-20 17:49:19 -07:00
Scott Nonnenberg
102b93241c Only preload emoji after the window is fully loaded 2019-06-20 17:48:54 -07:00
Scott Nonnenberg
18d59bfa47 v1.25.2-beta.2 2019-06-20 16:24:21 -07:00
Scott Nonnenberg
89a879811d
Revert "Add desktopName to package.json to fix linux badge" (#3409) 
This reverts commit 9376dba806.
 2019-06-20 16:23:33 -07:00
Scott Nonnenberg
07716b829d v1.25.2-beta.1 2019-06-19 16:29:35 -07:00
Scott Nonnenberg
6caccdda5b Lint fixes after recent PR merges 2019-06-19 16:23:57 -07:00
Tim Ruffing
6150c3dcc0 Improve performance of _getLeftPaneList (#3398) 
* Improve efficiency of conversation sorting in getLeftPaneLists

- Sort conversations and archivedConversations separately, without 
  items that had falsey activeAt
- Don't convert conversation titles to lowercase before comparing:
  collator.compare() is case-insensitive anyway.

* Enable caching for format() in PhoneNumber
 2019-06-19 15:58:54 -07:00
Peter Uithoven
9376dba806 Add desktopName to package.json to fix linux badge (#3390) 2019-06-19 15:57:10 -07:00
Scott Nonnenberg
277780360c Update string for unspported message after upgrade 2019-06-19 15:52:57 -07:00
Scott Nonnenberg
62fd2858a5 Lint fixes after js-yaml update 2019-06-19 16:51:28 -04:00
Scott Nonnenberg
8ece7fac19 Update js-yaml dependency 2019-06-19 13:00:28 -04:00
Scott Nonnenberg
6c8bce7b9f Fix incorrect contentType/extension for outgoing resized image attachments 
* Use contentType from conversion when resizing outgoing images

* Update outgoing filename with proper extension after resize
 2019-06-19 11:51:23 -04:00
Ken Powers
dcf6a5f59c Use individual images in emoji picker rather than a spritesheet 2019-06-17 11:46:42 -07:00
Scott Nonnenberg
cc7b9da0cf Ensure that all event handling in background.js is queued 2019-06-14 18:17:37 -04:00
Scott Nonnenberg
649544dfac Force unique filename when saving files from multi-attachment msg 
* Force unique filename when saving files from multi-attachment msg

* Don't use attachment filenames if index is provided at all
 2019-06-14 14:58:33 -04:00
Scott Nonnenberg
e19067861e ConversationView - extract all header setup into new method 2019-06-11 11:07:56 -04:00
Scott Nonnenberg
ca1e6c3ccd To prevent crashes, catch thrown error from tray.setIcon 2019-06-10 17:41:05 -04:00
Scott Nonnenberg
9fd867fdd1 Support new 'requiredProtocolVersion' in DataMessage 
* Add new requiredProtocolVersion field to DataMessage

* Message.requiredProtocolVersion, warning if version mot supported

* Update strings; limit width; new left pane preview text
 2019-06-10 17:40:02 -04:00
Scott Nonnenberg
dd98477479 For 'me,' prefer signal profile avatar over address book info 2019-06-07 14:40:34 -04:00
Scott Nonnenberg
3505ab9198 Drop profile on missing profile key, drop avatar on download 403 2019-06-07 13:20:39 -04:00
Ken Powers
f4cb1194c6 Tune emoji search 2019-06-06 11:43:03 -07:00
Ken Powers
3a46f4c9a2 Upgrade emoji-datasource to 4.1.0 2019-06-06 11:28:47 -07:00
Scott Nonnenberg
071b4565bd v1.25.1-beta.1 2019-05-31 15:42:01 -07:00
Ken Powers
d23efc6717 Send message when pressing enter in the emoji picker 2019-05-31 14:58:53 -07:00
Ken Powers
0a16c905b9 Ensure long contact names do not push contents outside of the window 2019-05-31 14:52:22 -07:00
Scott Nonnenberg
a3068c74dc v1.25.0-beta.6 2019-05-30 16:53:38 -07:00
Ken Powers
e688450f23 Don't convert emoji text unless the shortname is valid 2019-05-30 16:37:28 -07:00
Ken Powers
a934759e66 Maintain last-known cursor position for inserting emojis 2019-05-30 16:37:28 -07:00
Scott Nonnenberg
93335f8759 v1.25.0-beta.5 2019-05-30 12:52:11 -07:00
Scott Nonnenberg
344885d8b1 Focus message box on emoji panel close, don't dismiss on shift 2019-05-30 12:43:18 -07:00