volse-hubzilla.git - Volse Hubzilla -- soft fork of main Hubzilla core for Volse

	Commit message (Collapse)	Author	Age	Files	Lines
*	CVE-2022-27258: XSS via rpath query param.	Harald Eilertsen	2022-03-20	10	-20/+20
\| \| \| \| \| \| \| \| \| \|	Escape URLs provided by the rpath query param in settings modules. This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them to clicking a link. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
*	Add helper to escape URLs.	Harald Eilertsen	2022-03-20	2	-0/+32
\| \| \| \| \| \| \| \| \|	The escaping makes the URL safe for display and for use in HTML element attributes (such as href="..." etc), but does not guarantee that the URL itself is valid after conversion. This should be good enough for mitigating XSS issues caused by injecting html or javascript into a URL. Also probably good enough for _most_ normal URLs, but there may be devils hidden in the details somewhere.
*	CVE-2022-27257: LFI in Redbasic theme.	Harald Eilertsen	2022-03-20	1	-3/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Limit valid chars in schema names, and discard attempts at loading schemas with invalid names. This prevents a local file inclusion vulnerability where an unauthenticated attacker can include arbitrary php files readable by the server process and potentially obtain remote code execution. Valid schema names may consist of ascii letters, numbers, hyphens and underscores. Should be good enough for most cases, I think. Fixes https://framagit.org/hubzilla/core/-/issues/1665
*	Merge branch 'volse-fix-stylesheet-root-path' into 'dev'	Mario	2022-03-17	2	-42/+7
\|\ \| \| \| \| \| \| \| \|	Use correct base url for stylesheets and js. See merge request hubzilla/core!2015
\| *	Trim trailing & from query_string.	Harald Eilertsen	2022-03-13	1	-0/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	When trying to fetch an image file from the Cloud module, the default nginx config will add a trailing & if there's no args specified. Example: https://example.com/cloud/username/some_image.png This will be rewritten to: https://example.com/index.php?q=/cloud/username/some_image.png& This in turn will cause the Cloud module to try to redirect back to the original because it does not match the query_string (in which the ampersand has been converted to a question mark). And this will repeat until the browser get's tired of it.
\| *	Remove now unused function script_path.	Harald Eilertsen	2022-03-03	1	-38/+0
\| \|
\| *	Use correct base url for stylesheets and js.	Harald Eilertsen	2022-03-03	1	-4/+2
\| \| \| \| \| \| \| \| \| \| \| \|	Use z_root instead of script_path when formatting stylesheet and javascript links for the head section. script_path does not preserve information about the port if the site uses a nonstandard port.
* \|	make sure an announce does not overwrite an item we already have and make ↵	Mario	2022-03-11	1	-0/+7
\| \| \| \| \| \| \| \|	sure it will be a toplevel post
* \|	whitespace	Mario	2022-03-10	1	-35/+35
\| \|
* \|	support for hs2019	Mario	2022-03-10	2	-16/+61
\| \|
* \|	move attachments to the top	Mario	2022-03-05	1	-5/+5
\| \|
* \|	remove logging	Mario	2022-03-04	1	-1/+1
\| \|
* \|	event fixes	Mario	2022-03-04	2	-6/+10
\| \|
* \|	bump version	Mario	2022-03-04	1	-1/+1
\| \|
* \|	fix regression	Mario	2022-03-04	1	-2/+2
\| \|
* \|	streamline event activity handling	Mario	2022-03-04	2	-61/+208
\| \|
* \|	bump version	Mario	2022-03-04	1	-1/+1
\| \|
* \|	port some ap quirks from the addon	Mario	2022-03-04	1	-15/+50
\| \|
* \|	more work on enhanced content filters	Mario	2022-03-03	2	-3/+39
\|/
*	fix duplicate ids in login form and move login/register buttons into the ↵	Mario	2022-03-03	6	-47/+57
\| \| \| \|	hamburger menu on small screens
*	collect the accept headers in an array	Mario	2022-03-03	1	-2/+6
\|
*	Merge branch 'dev' of https://framagit.org/hubzilla/core into dev	Mario	2022-03-02	1	-2/+2
\|\
\| *	Merge branch 't0rum-master-patch-68993' into 'master'	Mario	2022-03-01	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Typo in Setup.php prevents users from using Postgres See merge request hubzilla/core!2014 (cherry picked from commit 0e2e9321025f87fe9587f3d183adaea6185e4e20) d384f55d Typo in Setup.php prevents users from using Postgres
* \|	composer updates	Mario	2022-03-02	10	-132/+145
\| \|
* \|	port some peertube tweeks from pubcrawl to lib/activity	Mario	2022-03-02	1	-20/+47
\|/
*	fix feedutils regression	Mario	2022-03-01	1	-4/+4
\|
*	enhanced content filters	Mario	2022-03-01	8	-90/+285
\|
*	make gprobe deal with URLs, fix issue in get_actor_protocols and fix missing ↵	Mario	2022-02-28	3	-15/+41
\| \| \| \|	author issue if wall2wall comment arrives and author is not yet known
*	missing content region for directory	Mario	2022-02-23	1	-0/+3
\|
*	widget descriptions and add content region to all pdl files for convenience	Mario	2022-02-23	89	-91/+345
\|
*	bump version	Mario	2022-02-21	1	-1/+1
\|
*	this was required for old style forum posts only and should not be needed ↵	Mario	2022-02-21	1	-9/+11
\| \| \| \|	anymore
*	do not require network for forums widget	Mario	2022-02-21	1	-1/+0
\|
*	remove deprecated widgets and add some more widget descriptions	Mario	2022-02-21	27	-166/+148
\|
*	merge branch pdledit_gui into dev - many widgets still miss their ↵	Mario	2022-02-20	26	-41/+1049
\| \| \| \|	description and requirements (this is work in progress)
*	thr_parent lost across edits	Mario	2022-02-18	1	-0/+1
\|
*	composer update	Mario	2022-02-18	2	-12/+12
\|
*	Merge branch 'undefined' into 'dev'	Mario	2022-02-15	1	-29/+60
\|\ \| \| \| \| \| \| \| \|	Replace htconfig.tpl fr See merge request hubzilla/core!2008
\| *	Replace htconfig.tpl fr	Dan d'Auge	2022-02-13	1	-29/+60
\| \|
* \|	Merge branch 'dandauge-dev-patch-02109' into 'dev'	Mario	2022-02-15	1	-30/+32
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \|	Update lostpass_eml.tpl fr See merge request hubzilla/core!2009
\| * \|	Update lostpass_eml.tpl fr	Dan d'Auge	2022-02-13	1	-30/+32
\| \|/
* \|	Merge branch 'dandauge-dev-patch-69038' into 'dev'	Mario	2022-02-15	1	-0/+1
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \|	Upload New File : invite.material.subject.tpl fr See merge request hubzilla/core!2010
\| * \|	Upload New File : invite.material.subject.tpl fr	Dan d'Auge	2022-02-13	1	-0/+1
\| \|/
* \|	Merge branch 'dandauge-dev-patch-34611' into 'dev'	Mario	2022-02-15	1	-0/+1
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \|	Upload New File : invite.material.tpl fr See merge request hubzilla/core!2011
\| * \|	Upload New File : invite.material.tpl fr	Dan d'Auge	2022-02-13	1	-0/+1
\| \|/
* \|	Merge branch 'dandauge-dev-patch-30995' into 'dev'	Mario	2022-02-15	1	-19/+21
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \|	Update passchanged_eml.tpl fr See merge request hubzilla/core!2012
\| * \|	Update passchanged_eml.tpl fr	Dan d'Auge	2022-02-13	1	-19/+21
\| \|/
* \|	Merge branch 'dandauge-dev-patch-92660' into 'dev'	Mario	2022-02-15	1	-16/+21
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \|	Update update_fail_eml.tpl fr See merge request hubzilla/core!2013
\| * \|	Update update_fail_eml.tpl fr	Dan d'Auge	2022-02-13	1	-16/+21
\| \|/
* \|	php8 warnings	Mario	2022-02-13	7	-23/+31
\| \|