.gitattributes

+# Define the line ending behavior of the different file extensions
+# Set default behaviour, in case users don't have core.autocrlf set.
+* text=auto
+* text eol=lf
+
+# Explicitly declare text files we want to always be normalized and converted
+# to native line endings on checkout.
+*.php text
+*.default text
+*.ctp text
+*.md text
+*.po text
+*.js text
+*.css text
+*.ini text
+*.txt text
+*.xml text
+
+# Declare files that will always have CRLF line endings on checkout.
+*.bat eol=crlf
+*.ps1 eol=crlf
+
+# Declare files that will always have LF line endings on checkout.
+*.pem eol=lf
+*.sh eol=lf
+*.cql eol=lf
+containers/** eol=lf
+
+# Denote all files that are truly binary and should not be modified.
+*.png binary
+*.jpg binary
+*.gif binary
+*.ico binary
+*.mo binary
+
+# Remove files for archives generated using `git archive`
+appveyor.yml export-ignore
+CONTRIBUTING.md export-ignore
+.editorconfig export-ignore
+.gitattributes export-ignore
+.gitignore export-ignore
+Makefile export-ignore
+phpunit.xml.dist export-ignore
+.travis.yml export-ignore
+tests/test_app export-ignore
+tests/TestCase export-ignore

.gitignore

@@ -28,3 +28,4 @@ coverage
 !/.gitlab
 composer.phar
 settings.php-*.bak
+!/.gitattributes

.gitlab-ci.yml

@@ -48,6 +48,11 @@ prepare:fpm:
         --build-arg SENTRY_DSN=$SENTRY_DSN \
         .
     - docker push $CI_REGISTRY_IMAGE/fpm:$CI_PIPELINE_ID
+    - >
+      if [ $CI_COMMIT_BRANCH == "master" ]; then 
+        docker tag $CI_REGISTRY_IMAGE/fpm:$CI_PIPELINE_ID $CI_REGISTRY_IMAGE/fpm:latest &&
+        docker push $CI_REGISTRY_IMAGE/fpm:latest
+      fi
 
 prepare:runners:
   stage: prepare
@@ -64,6 +69,11 @@ prepare:runners:
         --build-arg SENTRY_DSN=$SENTRY_DSN \
         .
     - docker push $CI_REGISTRY_IMAGE/runners:$CI_PIPELINE_ID
+    - >
+      if [ $CI_COMMIT_BRANCH == "master" ]; then 
+        docker tag $CI_REGISTRY_IMAGE/runners:$CI_PIPELINE_ID $CI_REGISTRY_IMAGE/runners:latest &&
+        docker push $CI_REGISTRY_IMAGE/runners:latest
+      fi
 
 prepare:all:sentry:
   stage: prepare

Core/Config/Exported.php

@@ -123,6 +123,9 @@ class Exported
 
         if ($pro = $this->proDomain->lookup($_SERVER['HTTP_HOST'] ?? null)) {
             $exported['pro'] = $pro;
+        } elseif (!$this->proDomain->isRoot($_SERVER['HTTP_HOST'] ?? null)) {
+            // If not a pro site and not root then tell frontend to redirect
+            $exported['redirect_to_root_on_init'] = true;
         }
 
         return $exported;

Core/Features/Provider.php

@@ -44,6 +44,7 @@ class Provider extends DiProvider
                 'wire-multi-currency',
                 'cdn-jwt',
                 'post-scheduler',
+                'navigation',
             ];
         });
 

Core/Security/XSS/GenericRule.php

@@ -163,7 +163,7 @@ class GenericRule implements Interfaces\XSSRule
             //make all urls force open in a new tab/window
             if ($element->nodeName == 'a') {
                 $element->setAttribute('target', '_blank');
-                $element->setAttribute('rel', 'noopener noreferrer nofollow'); //nofollow hurts spammers
+                $element->setAttribute('rel', 'noopener noreferrer nofollow ugc'); //nofollow hurts spammers
             }
         }
 

Spec/Core/Security/XSSSpec.php

@@ -39,25 +39,25 @@ class XSSSpec extends ObjectBehavior
     public function it_should_dissallow_onClick_attributes()
     {
         $dirty = "<a onclick=\"console.log('hmmm...')\">click me</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a target=\"_blank\" rel=\"noopener noreferrer nofollow\">click me</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">click me</a>");
     }
 
     public function it_should_allow_href_on_anchor_tags()
     {
         $dirty = "<a href=\"https://www.minds.com\">take me home</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"https://www.minds.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">take me home</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"https://www.minds.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">take me home</a>");
     }
 
     public function it_should_not_allow_bad_url_schemes()
     {
         $dirty = "<a href=\"javascript:alert('HEYHO')\">bad scheme here</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">bad scheme here</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">bad scheme here</a>");
     }
 
     public function it_should_not_allow_bad_url_schemes_with_case_hacks()
     {
         $dirty = "<a href=\"Javascript:alert('HEYHO')\">bad scheme here</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">bad scheme here</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">bad scheme here</a>");
     }
 
     public function it_should_not_allow_bad_url_schemes_from_multiple_keywords()

containers/php-runners/Dockerfile

@@ -6,7 +6,7 @@ ADD --chown=www-data . /var/www/Minds/engine
 
 # Remove the local settings file (if it exists)
 
-RUN rm -f /var/www/Minds/engine/settings.php
+# RUN rm -f /var/www/Minds/engine/settings.php
 
 # Setup our supervisor service
 

settings.example.php

@@ -585,7 +585,7 @@ $CONFIG->set('gitlab', [
 
 $CONFIG->set('pro', [
     'handler' => '',
-    'root_domains' => ['minds.com', 'www.minds.com', 'localhost'],
+    'root_domains' => ['minds.com', 'www.minds.com', 'localhost', 'localhost:8080', 'localhost:4200'],
     'subdomain_suffix' => 'minds.com',
     'dynamodb_table_name' => 'traefik',
 ]);