diff --git a/CHANGELOG.md b/CHANGELOG.md
index 004a0baa8e..ad084c8a56 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,26 @@
All notable changes to this project will be documented in this file.
+## [4.4.5] - 2025-09-23
+
+### Security
+
+- Update dependencies
+
+### Added
+
+- Add support for `has:quote` in search (#36217 by @ClearlyClaire)
+
+### Changed
+
+- Change quoted posts from silenced accounts to use a click-through rather than being hidden (#36166 and #36167 by @ClearlyClaire)
+
+### Fixed
+
+- Fix processing of out-of-order `Update` as implicit updates (#36190 by @ClearlyClaire)
+- Fix getting `Create` and `Update` out of order (#36176 by @ClearlyClaire)
+- Fix quotes with Content Warnings but no text being shown without Content Warnings (#36150 by @ClearlyClaire)
+
## [4.4.4] - 2025-09-16
### Security
diff --git a/Gemfile.lock b/Gemfile.lock
index 7527280f83..4a6f5f8625 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -725,7 +725,7 @@ GEM
responders (3.1.1)
actionpack (>= 5.2)
railties (>= 5.2)
- rexml (3.4.1)
+ rexml (3.4.4)
rotp (6.3.0)
rouge (4.5.2)
rpam2 (4.0.2)
diff --git a/app/javascript/flavours/glitch/components/status_quoted.tsx b/app/javascript/flavours/glitch/components/status_quoted.tsx
index 020bda659c..bf6ac874d7 100644
--- a/app/javascript/flavours/glitch/components/status_quoted.tsx
+++ b/app/javascript/flavours/glitch/components/status_quoted.tsx
@@ -1,4 +1,4 @@
-import { useEffect, useMemo } from 'react';
+import { useCallback, useEffect, useMemo } from 'react';
import { FormattedMessage } from 'react-intl';
@@ -12,12 +12,15 @@ import ArticleIcon from '@/material-icons/400-24px/article.svg?react';
import ChevronRightIcon from '@/material-icons/400-24px/chevron_right.svg?react';
import { Icon } from 'flavours/glitch/components/icon';
import StatusContainer from 'flavours/glitch/containers/status_container';
+import { domain } from 'flavours/glitch/initial_state';
import type { Status } from 'flavours/glitch/models/status';
import type { RootState } from 'flavours/glitch/store';
import { useAppDispatch, useAppSelector } from 'flavours/glitch/store';
+import { revealAccount } from '../actions/accounts_typed';
import { fetchStatus } from '../actions/statuses';
import { makeGetStatus } from '../selectors';
+import { getAccountHidden } from '../selectors/accounts';
const MAX_QUOTE_POSTS_NESTING_LEVEL = 1;
@@ -73,6 +76,29 @@ type GetStatusSelector = (
props: { id?: string | null; contextType?: string },
) => Status | null;
+const LimitedAccountHint: React.FC<{ accountId: string }> = ({ accountId }) => {
+ const dispatch = useAppDispatch();
+ const reveal = useCallback(() => {
+ dispatch(revealAccount({ id: accountId }));
+ }, [dispatch, accountId]);
+
+ return (
+ <>
+
+
+
+ );
+};
+
export const QuotedStatus: React.FC<{
quote: QuoteMap;
contextType?: string;
@@ -100,6 +126,14 @@ export const QuotedStatus: React.FC<{
const shouldLoadQuote = !status?.get('isLoading') && quoteState !== 'deleted';
+ const accountId: string | null = status?.get('account', null) as
+ | string
+ | null;
+
+ const hiddenAccount = useAppSelector(
+ (state) => accountId && getAccountHidden(state, accountId),
+ );
+
useEffect(() => {
if (shouldLoadQuote && quotedStatusId) {
dispatch(
@@ -164,6 +198,8 @@ export const QuotedStatus: React.FC<{
defaultMessage='This post cannot be displayed.'
/>
);
+ } else if (hiddenAccount && accountId) {
+ quoteError = ;
}
if (quoteError) {
diff --git a/app/javascript/mastodon/components/status_quoted.tsx b/app/javascript/mastodon/components/status_quoted.tsx
index 3f7f51cf06..d58760ac6e 100644
--- a/app/javascript/mastodon/components/status_quoted.tsx
+++ b/app/javascript/mastodon/components/status_quoted.tsx
@@ -1,4 +1,4 @@
-import { useEffect, useMemo } from 'react';
+import { useCallback, useEffect, useMemo } from 'react';
import { FormattedMessage } from 'react-intl';
@@ -11,13 +11,16 @@ import ArticleIcon from '@/material-icons/400-24px/article.svg?react';
import ChevronRightIcon from '@/material-icons/400-24px/chevron_right.svg?react';
import { Icon } from 'mastodon/components/icon';
import StatusContainer from 'mastodon/containers/status_container';
+import { domain } from 'mastodon/initial_state';
import type { Status } from 'mastodon/models/status';
import type { RootState } from 'mastodon/store';
import { useAppDispatch, useAppSelector } from 'mastodon/store';
import QuoteIcon from '../../images/quote.svg?react';
+import { revealAccount } from '../actions/accounts_typed';
import { fetchStatus } from '../actions/statuses';
import { makeGetStatus } from '../selectors';
+import { getAccountHidden } from '../selectors/accounts';
const MAX_QUOTE_POSTS_NESTING_LEVEL = 1;
@@ -73,6 +76,29 @@ type GetStatusSelector = (
props: { id?: string | null; contextType?: string },
) => Status | null;
+const LimitedAccountHint: React.FC<{ accountId: string }> = ({ accountId }) => {
+ const dispatch = useAppDispatch();
+ const reveal = useCallback(() => {
+ dispatch(revealAccount({ id: accountId }));
+ }, [dispatch, accountId]);
+
+ return (
+ <>
+
+
+
+ );
+};
+
export const QuotedStatus: React.FC<{
quote: QuoteMap;
contextType?: string;
@@ -100,6 +126,14 @@ export const QuotedStatus: React.FC<{
const shouldLoadQuote = !status?.get('isLoading') && quoteState !== 'deleted';
+ const accountId: string | null = status?.get('account', null) as
+ | string
+ | null;
+
+ const hiddenAccount = useAppSelector(
+ (state) => accountId && getAccountHidden(state, accountId),
+ );
+
useEffect(() => {
if (shouldLoadQuote && quotedStatusId) {
dispatch(
@@ -164,6 +198,8 @@ export const QuotedStatus: React.FC<{
defaultMessage='This post cannot be displayed.'
/>
);
+ } else if (hiddenAccount && accountId) {
+ quoteError = ;
}
if (quoteError) {
diff --git a/app/javascript/mastodon/locales/en.json b/app/javascript/mastodon/locales/en.json
index 59d39a1536..b2821c2e5b 100644
--- a/app/javascript/mastodon/locales/en.json
+++ b/app/javascript/mastodon/locales/en.json
@@ -873,6 +873,8 @@
"status.open": "Expand this post",
"status.pin": "Pin on profile",
"status.quote_error.filtered": "Hidden due to one of your filters",
+ "status.quote_error.limited_account_hint.action": "Show anyway",
+ "status.quote_error.limited_account_hint.title": "This account has been hidden by the moderators of {domain}.",
"status.quote_error.not_found": "This post cannot be displayed.",
"status.quote_error.pending_approval": "This post is pending approval from the original author.",
"status.quote_error.rejected": "This post cannot be displayed as the original author does not allow it to be quoted.",
diff --git a/app/lib/activitypub/activity/update.rb b/app/lib/activitypub/activity/update.rb
index 973706f595..15025ca5e7 100644
--- a/app/lib/activitypub/activity/update.rb
+++ b/app/lib/activitypub/activity/update.rb
@@ -28,6 +28,9 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
@status = Status.find_by(uri: object_uri, account_id: @account.id)
+ # We may be getting `Create` and `Update` out of order
+ @status ||= ActivityPub::Activity::Create.new(@json, @account, **@options).perform
+
return if @status.nil?
ActivityPub::ProcessStatusUpdateService.new.call(@status, @json, @object, request_id: @options[:request_id])
diff --git a/app/lib/status_cache_hydrator.rb b/app/lib/status_cache_hydrator.rb
index 674945c403..70c9feb130 100644
--- a/app/lib/status_cache_hydrator.rb
+++ b/app/lib/status_cache_hydrator.rb
@@ -85,7 +85,7 @@ class StatusCacheHydrator
if quote.quoted_status.nil?
payload[nested ? :quoted_status_id : :quoted_status] = nil
payload[:state] = 'deleted'
- elsif StatusFilter.new(quote.quoted_status, Account.find_by(id: account_id)).filtered?
+ elsif StatusFilter.new(quote.quoted_status, Account.find_by(id: account_id)).filtered_for_quote?
payload[nested ? :quoted_status_id : :quoted_status] = nil
payload[:state] = 'unauthorized'
else
diff --git a/app/lib/status_filter.rb b/app/lib/status_filter.rb
index eb522e5447..dbf7d28b69 100644
--- a/app/lib/status_filter.rb
+++ b/app/lib/status_filter.rb
@@ -15,6 +15,12 @@ class StatusFilter
blocked_by_policy? || (account_present? && filtered_status?) || silenced_account?
end
+ def filtered_for_quote?
+ return false if !account.nil? && account.id == status.account_id
+
+ blocked_by_policy? || (account_present? && filtered_status?)
+ end
+
private
def account_present?
diff --git a/app/models/concerns/status/search_concern.rb b/app/models/concerns/status/search_concern.rb
index 3f31b3b675..7f1dbedc45 100644
--- a/app/models/concerns/status/search_concern.rb
+++ b/app/models/concerns/status/search_concern.rb
@@ -43,6 +43,7 @@ module Status::SearchConcern
properties << 'embed' if preview_card&.video?
properties << 'sensitive' if sensitive?
properties << 'reply' if reply?
+ properties << 'quote' if with_quote?
end
end
end
diff --git a/app/serializers/rest/base_quote_serializer.rb b/app/serializers/rest/base_quote_serializer.rb
index 20a53d1a20..be9d5cbe6f 100644
--- a/app/serializers/rest/base_quote_serializer.rb
+++ b/app/serializers/rest/base_quote_serializer.rb
@@ -8,13 +8,13 @@ class REST::BaseQuoteSerializer < ActiveModel::Serializer
# Extra states when a status is unavailable
return 'deleted' if object.quoted_status.nil?
- return 'unauthorized' if status_filter.filtered?
+ return 'unauthorized' if status_filter.filtered_for_quote?
object.state
end
def quoted_status
- object.quoted_status if object.accepted? && object.quoted_status.present? && !status_filter.filtered?
+ object.quoted_status if object.accepted? && object.quoted_status.present? && !status_filter.filtered_for_quote?
end
private
diff --git a/app/services/activitypub/process_status_update_service.rb b/app/services/activitypub/process_status_update_service.rb
index 1821458fbe..fcc2963e33 100644
--- a/app/services/activitypub/process_status_update_service.rb
+++ b/app/services/activitypub/process_status_update_service.rb
@@ -25,6 +25,9 @@ class ActivityPub::ProcessStatusUpdateService < BaseService
if @status_parser.edited_at.present? && (@status.edited_at.nil? || @status_parser.edited_at > @status.edited_at)
handle_explicit_update!
+ elsif @status.edited_at.present? && (@status_parser.edited_at.nil? || @status_parser.edited_at < @status.edited_at)
+ # This is an older update, reject it
+ return @status
else
handle_implicit_update!
end
diff --git a/docker-compose.yml b/docker-compose.yml
index d0ae54ed0c..788f4aa0b2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -59,7 +59,7 @@ services:
web:
# You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
# build: .
- image: ghcr.io/glitch-soc/mastodon:v4.4.4
+ image: ghcr.io/glitch-soc/mastodon:v4.4.5
restart: always
env_file: .env.production
command: bundle exec puma -C config/puma.rb
@@ -83,7 +83,7 @@ services:
# build:
# dockerfile: ./streaming/Dockerfile
# context: .
- image: ghcr.io/glitch-soc/mastodon-streaming:v4.4.4
+ image: ghcr.io/glitch-soc/mastodon-streaming:v4.4.5
restart: always
env_file: .env.production
command: node ./streaming/index.js
@@ -102,7 +102,7 @@ services:
sidekiq:
# You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
# build: .
- image: ghcr.io/glitch-soc/mastodon:v4.4.4
+ image: ghcr.io/glitch-soc/mastodon:v4.4.5
restart: always
env_file: .env.production
command: bundle exec sidekiq
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
index 54d636516c..6ad44cff7d 100644
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@@ -13,7 +13,7 @@ module Mastodon
end
def patch
- 4
+ 5
end
def default_prerelease
diff --git a/spec/lib/activitypub/activity_spec.rb b/spec/lib/activitypub/activity_spec.rb
new file mode 100644
index 0000000000..218da04d9b
--- /dev/null
+++ b/spec/lib/activitypub/activity_spec.rb
@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe ActivityPub::Activity do
+ describe 'processing a Create and an Update' do
+ let(:sender) { Fabricate(:account, followers_url: 'http://example.com/followers', domain: 'example.com', uri: 'https://example.com/actor') }
+ let(:quoted_account) { Fabricate(:account, domain: 'quoted.example.com') }
+ let(:quoted_status) { Fabricate(:status, account: quoted_account) }
+ let(:approval_uri) { 'https://quoted.example.com/approvals/1' }
+
+ let(:approval_payload) do
+ {
+ '@context': [
+ 'https://www.w3.org/ns/activitystreams',
+ {
+ QuoteAuthorization: 'https://w3id.org/fep/044f#QuoteAuthorization',
+ gts: 'https://gotosocial.org/ns#',
+ interactingObject: {
+ '@id': 'gts:interactingObject',
+ '@type': '@id',
+ },
+ interactionTarget: {
+ '@id': 'gts:interactionTarget',
+ '@type': '@id',
+ },
+ },
+ ],
+ type: 'QuoteAuthorization',
+ id: approval_uri,
+ attributedTo: ActivityPub::TagManager.instance.uri_for(quoted_status.account),
+ interactingObject: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'),
+ interactionTarget: ActivityPub::TagManager.instance.uri_for(quoted_status),
+ }
+ end
+
+ let(:create_json) do
+ {
+ '@context': [
+ 'https://www.w3.org/ns/activitystreams',
+ {
+ quote: 'https://w3id.org/fep/044f#quote',
+ },
+ ],
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#create'].join,
+ type: 'Create',
+ actor: ActivityPub::TagManager.instance.uri_for(sender),
+ object: {
+ id: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'),
+ type: 'Note',
+ to: [
+ 'https://www.w3.org/ns/activitystreams#Public',
+ ],
+ content: 'foo',
+ published: '2025-05-24T11:03:10Z',
+ quote: ActivityPub::TagManager.instance.uri_for(quoted_status),
+ },
+ }.deep_stringify_keys
+ end
+
+ let(:update_json) do
+ {
+ '@context': [
+ 'https://www.w3.org/ns/activitystreams',
+ {
+ quote: 'https://w3id.org/fep/044f#quote',
+ quoteAuthorization: { '@id': 'https://w3id.org/fep/044f#quoteAuthorization', '@type': '@id' },
+ },
+ ],
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#update'].join,
+ type: 'Update',
+ actor: ActivityPub::TagManager.instance.uri_for(sender),
+ object: {
+ id: [ActivityPub::TagManager.instance.uri_for(sender), 'post1'].join('/'),
+ type: 'Note',
+ to: [
+ 'https://www.w3.org/ns/activitystreams#Public',
+ ],
+ content: 'foo',
+ published: '2025-05-24T11:03:10Z',
+ quote: ActivityPub::TagManager.instance.uri_for(quoted_status),
+ quoteAuthorization: approval_uri,
+ },
+ }.deep_stringify_keys
+ end
+
+ before do
+ sender.update(uri: ActivityPub::TagManager.instance.uri_for(sender))
+
+ stub_request(:get, approval_uri).to_return(headers: { 'Content-Type': 'application/activity+json' }, body: Oj.dump(approval_payload))
+ end
+
+ context 'when getting them in order' do
+ it 'creates a status and approves the quote' do
+ described_class.factory(create_json, sender).perform
+ status = described_class.factory(update_json, sender).perform
+
+ expect(status.quote.state).to eq 'accepted'
+ end
+ end
+
+ context 'when getting them out of order' do
+ it 'creates a status and approves the quote' do
+ described_class.factory(update_json, sender).perform
+ status = described_class.factory(create_json, sender).perform
+
+ expect(status.quote.state).to eq 'accepted'
+ end
+ end
+ end
+end