Ken Powers
fccf1eec30
Fix file size limitation
2019-07-16 14:48:40 -07:00
Disconnect3d
fa4b2d412f
Fix SUPPORTED_MEDIA_DOMAINS regex whitelist ( #3459 )
...
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if a media link comes from trusted hosts, is invalid. It does not expose a security risk, or I couldn't find an example of one as of now, but if someone were to add a subdomain host to it using the same pattern, it would.
A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;
console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```
Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```
---
To be more clear, if someone would extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.
---
A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24
The issue has been found with LGTM: b626ef0b64/files/js/modules/link_previews.js (xdabadfc2bf20f0c3)
:1
2019-07-16 13:28:16 -07:00
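Added example (not part of the commit or the project's code): the allowlist built from a plain domain list with and without escaping, showing that the unescaped form reproduces the pattern quoted above and that only the escaped form rejects `reddjit` and, once `media.redd.it` is added, `mediaXredd.it`. The helper names and test hostnames are constructed for illustration.

```javascript
// Added example, not Signal Desktop code. Helper names are hypothetical and
// the hostnames passed to compare() are constructed test inputs.
const DOMAINS = ['ytimg.com', 'cdninstagram.com', 'redd.it', 'imgur.com', 'fbcdn.net', 'pinimg.com'];

// Escape every regex metacharacter so a domain is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Build "^(label.)*(domain|domain|...)$". With escape=false this reproduces
// the pattern quoted in the commit message, where "." matches any character.
function buildAllowlist(domains, escape) {
  const alternatives = domains.map(d => (escape ? escapeRegExp(d) : d)).join('|');
  return new RegExp('^([^.]+\\.)*(' + alternatives + ')$', 'i');
}

// Run each hostname through both variants so disagreements are visible.
function compare(domains, hosts) {
  const loose = buildAllowlist(domains, false);
  const strict = buildAllowlist(domains, true);
  return hosts.map(host => ({ host, loose: loose.test(host), strict: strict.test(host) }));
}

// Current list: legitimate hosts pass both; "reddjit" passes only the loose form.
const current = compare(DOMAINS, ['redd.it', 'i.redd.it', 'reddjit', 'mediaXredd.it']);

// Hypothetical future list with a subdomain entry added in the same style:
// the look-alike "mediaXredd.it" now passes the loose form.
const extended = compare(DOMAINS.concat('media.redd.it'), ['media.redd.it', 'mediaXredd.it']);

console.table(current);
console.table(extended);
```

Generating the pattern from a list through `escapeRegExp` keeps later additions from reintroducing the unescaped dot.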
Buck Doyle
f2dd10cd1a
Update search for colon-syntax emoji to ignore case ( #3443 )
...
* Add tests for existing replaceColons functionality
* Update to lowercase before matching short names
* Update lib_test.ts
2019-07-08 16:38:25 -04:00
Ken Powers
cb272111ab
Run yarn format
2019-07-08 16:29:45 -04:00
Scott Nonnenberg
0df9b4b8fb
Prevent multiple parallel signed prekey rotations
...
* Prevent multiple parallel signed prekey rotations
* When logging error, recalculate id to capture sealed sender info
2019-07-03 14:56:49 -04:00
AJ Jordan
22f5c01247
Fix typo ( #3345 )
2019-06-28 13:07:00 -04:00
Scott Nonnenberg
4457dca72c
v1.25.3-beta.1
2019-06-27 15:58:04 -07:00
Scott Nonnenberg
1464167e6b
Lint fixes
2019-06-27 15:45:28 -07:00
Ken Powers
35b12d9b72
Preload emoji images in queue
2019-06-27 15:33:15 -07:00
Ken Powers
ba2c32304b
Increase window min-height for the new Emoji picker
2019-06-27 15:21:08 -07:00
Scott Nonnenberg
569acb091c
Migrate from IndexedDB before doing new version checks
2019-06-27 15:21:08 -07:00
Ken Powers
45f2bef8fe
Tokenize fuzzy search for emoji
2019-06-27 15:21:08 -07:00
Scott Nonnenberg
27e9c5fb1d
v1.25.2-beta.4
2019-06-24 14:19:00 -07:00
Scott Nonnenberg
cc4886caa5
Ensure only one active attachment download setTimeout
2019-06-24 13:39:37 -07:00
Scott Nonnenberg
ab2cc6ee53
Properly download new group avatars
2019-06-24 14:51:33 -04:00
Scott Nonnenberg
d97dae6a87
Capture id after first save for incoming error messages
2019-06-24 14:47:43 -04:00
Scott Nonnenberg
48691a2558
Clean up transaction handling in sql.js
2019-06-24 14:43:45 -04:00
Scott Nonnenberg
3feb0037e5
Ensure that long message attachments don't show in media gallery
2019-06-21 16:13:42 -07:00
Scott Nonnenberg
ddae8708b4
v1.25.2-beta.3
2019-06-20 17:59:56 -07:00
Peter Uithoven
9f36524a8d
Add desktopName to package.json to fix linux badge ( #3390 )
2019-06-20 17:49:19 -07:00
Scott Nonnenberg
102b93241c
Only preload emoji after the window is fully loaded
2019-06-20 17:48:54 -07:00
Scott Nonnenberg
18d59bfa47
v1.25.2-beta.2
2019-06-20 16:24:21 -07:00
Scott Nonnenberg
89a879811d
Revert "Add desktopName to package.json to fix linux badge" ( #3409 )
...
This reverts commit 9376dba806.
2019-06-20 16:23:33 -07:00
Scott Nonnenberg
07716b829d
v1.25.2-beta.1
2019-06-19 16:29:35 -07:00
Scott Nonnenberg
6caccdda5b
Lint fixes after recent PR merges
2019-06-19 16:23:57 -07:00
Tim Ruffing
6150c3dcc0
Improve performance of _getLeftPaneList ( #3398 )
...
* Improve efficiency of conversation sorting in getLeftPaneLists
- Sort conversations and archivedConversations separately, without
items that had falsey activeAt
- Don't convert conversation titles to lowercase before comparing:
collator.compare() is case-insensitive anyway.
* Enable caching for format() in PhoneNumber
2019-06-19 15:58:54 -07:00
Peter Uithoven
9376dba806
Add desktopName to package.json to fix linux badge ( #3390 )
2019-06-19 15:57:10 -07:00
Scott Nonnenberg
277780360c
Update string for unsupported message after upgrade
2019-06-19 15:52:57 -07:00
Scott Nonnenberg
62fd2858a5
Lint fixes after js-yaml update
2019-06-19 16:51:28 -04:00
Scott Nonnenberg
8ece7fac19
Update js-yaml dependency
2019-06-19 13:00:28 -04:00
Scott Nonnenberg
6c8bce7b9f
Fix incorrect contentType/extension for outgoing resized image attachments
...
* Use contentType from conversion when resizing outgoing images
* Update outgoing filename with proper extension after resize
2019-06-19 11:51:23 -04:00
Ken Powers
dcf6a5f59c
Use individual images in emoji picker rather than a spritesheet
2019-06-17 11:46:42 -07:00
Scott Nonnenberg
cc7b9da0cf
Ensure that all event handling in background.js is queued
2019-06-14 18:17:37 -04:00
Scott Nonnenberg
649544dfac
Force unique filename when saving files from multi-attachment msg
...
* Force unique filename when saving files from multi-attachment msg
* Don't use attachment filenames if index is provided at all
2019-06-14 14:58:33 -04:00
Scott Nonnenberg
e19067861e
ConversationView - extract all header setup into new method
2019-06-11 11:07:56 -04:00
Scott Nonnenberg
ca1e6c3ccd
To prevent crashes, catch thrown error from tray.setIcon
2019-06-10 17:41:05 -04:00
Scott Nonnenberg
9fd867fdd1
Support new 'requiredProtocolVersion' in DataMessage
...
* Add new requiredProtocolVersion field to DataMessage
* Message.requiredProtocolVersion, warning if version not supported
* Update strings; limit width; new left pane preview text
2019-06-10 17:40:02 -04:00
Scott Nonnenberg
dd98477479
For 'me,' prefer signal profile avatar over address book info
2019-06-07 14:40:34 -04:00
Scott Nonnenberg
3505ab9198
Drop profile on missing profile key, drop avatar on download 403
2019-06-07 13:20:39 -04:00
Ken Powers
f4cb1194c6
Tune emoji search
2019-06-06 11:43:03 -07:00
Ken Powers
3a46f4c9a2
Upgrade emoji-datasource to 4.1.0
2019-06-06 11:28:47 -07:00
Scott Nonnenberg
071b4565bd
v1.25.1-beta.1
2019-05-31 15:42:01 -07:00
Ken Powers
d23efc6717
Send message when pressing enter in the emoji picker
2019-05-31 14:58:53 -07:00
Ken Powers
0a16c905b9
Ensure long contact names do not push contents outside of the window
2019-05-31 14:52:22 -07:00
Scott Nonnenberg
a3068c74dc
v1.25.0-beta.6
2019-05-30 16:53:38 -07:00
Ken Powers
e688450f23
Don't convert emoji text unless the shortname is valid
2019-05-30 16:37:28 -07:00
Ken Powers
a934759e66
Maintain last-known cursor position for inserting emojis
2019-05-30 16:37:28 -07:00
Scott Nonnenberg
93335f8759
v1.25.0-beta.5
2019-05-30 12:52:11 -07:00
Scott Nonnenberg
344885d8b1
Focus message box on emoji panel close, don't dismiss on shift
2019-05-30 12:43:18 -07:00
Ken Powers
feb4da874b
Enable keyboard navigation in EmojiPicker.
2019-05-30 12:43:18 -07:00