aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* missing files after composer updatesMario2022-05-2035-0/+1890
|
* do not show deprecated warnings by defaultMario2022-05-191-1/+1
|
* update composer libsMario2022-05-19344-16726/+1116
|
* update to remove core apps (wiki, cards, articles) which have been moved to ↵Mario2022-05-192-2/+25
| | | | addons
* add a hidden config for the hs2019 http sig algoMario2022-05-191-2/+5
|
* rendering fixesMario2022-05-194-17/+22
|
* implement starring of pubstream itemsMario2022-05-182-12/+27
|
* make sure we use source.content when rendering events to correctly render ↵Mario2022-05-162-5/+12
| | | | observer related content. fix wrong media types.
* fix php errorsMario2022-05-141-3/+3
|
* add the title in forum post resharesMario2022-05-141-0/+1
|
* do not set allowed to true if verb is ACTIVITY_SHARE and slightly changed ↵Mario2022-05-131-3/+7
| | | | logic for conv fetches
* do not stringify integer valueMario2022-05-111-1/+1
|
* update queries in mod search - fixes #1677Mario2022-05-112-27/+24
|
* deal with pleroma reactionsMario2022-05-101-0/+8
|
* use rev instead of _updated and the unix timestamp is less likely to cause ↵Mario2022-05-091-1/+1
| | | | issues in the future
* use addr for webfinger and name for the real name in the userinfo arrayMario2022-05-091-1/+2
|
* add the update date to the icon url. some platforms will not update if the ↵Mario2022-05-071-1/+1
| | | | icon url remains static
* cleanup channel appsMario2022-05-071-24/+0
|
* more cleanupMario2022-05-063-13/+6
|
* some cleanup after moving articles and cards to addonsMario2022-05-063-85/+3
|
* fix core issue #1676 and a liked/disliked/commented confusionMario2022-05-062-9/+40
|
* move wiki to addonsMario2022-05-068-2112/+0
|
* move articles to addon - also remove the pdlMario2022-05-041-14/+0
|
* move articles to addonMario2022-05-042-370/+0
|
* move cards to addonMario2022-05-047-383/+11
|
* changelog and versionMario Vavti2022-04-262-1/+5
|
* hubloc in AS has been moved from data to meta a while agoMario Vavti2022-04-261-2/+2
|
* version bumpMario Vavti2022-04-251-1/+1
|
* more changelogMario Vavti2022-04-251-0/+1
|
* changelogMario Vavti2022-04-251-0/+9
|
* whitespaceMario Vavti2022-04-251-1/+1
|
* if we have not been provided a profile id set the profile id to the default ↵Mario Vavti2022-04-251-0/+4
| | | | profile - fixes #1671
* Merge branch 'dev' of https://framagit.org/hubzilla/core into devMario Vavti2022-04-231-3/+8
|\
| * check if addons have been removed from the filesystem and also remove them ↵Mario2022-04-221-3/+8
| | | | | | | | from the db if that is the case
* | fix regression with incoming poll answers from activitypubMario Vavti2022-04-231-1/+1
|/
* move AP addressing to pubcrawlMario Vavti2022-04-071-122/+14
| | | (cherry picked from commit 1390e1db399c06cb76e191437eb5be24dd95a5c7)
* fixes in regard to hub re-installs: dismiss deleted hublocs, make sure we ↵Mario2022-04-013-11/+11
| | | | use the latest hubloc entry for addressing, in Queue::deliver() prefer primaries since their info is probably more accurate
* fix PHP errorMario2022-03-311-3/+6
|
* update changelogMario Vavti2022-03-291-1/+1
|
* Merge branch 'fix-changelog' into 'dev'Mario2022-03-271-2/+3
|\ | | | | | | | | Update changelog with missing fix and cve See merge request hubzilla/core!2018
| * Update changelog with missing fix and cveHarald Eilertsen2022-03-251-2/+3
|/
* changelogMario2022-03-251-0/+38
|
* bump dev versionMario2022-03-231-1/+1
|
* stringsMario2022-03-232-860/+933
|
* make sure to set comments_closed to the created date if nocomment is setMario Vavti2022-03-231-1/+1
|
* streamline comment policy with downstreamMario2022-03-232-33/+5
|
* Merge branch 'security-fixes-lfi-xss-open-redirect' into 'dev'Mario2022-03-2315-50/+122
|\ | | | | | | | | Security fixes See merge request hubzilla/core!2017
| * CVE-2022-27256: Open redirect via rpath query param.Harald Eilertsen2022-03-2010-27/+27
| | | | | | | | | | | | | | | | Don't follow urls to external sites when submitting forms from the settings modules. This mitigates an Open Redirect vulnerability where an attacker could trick a user to go to an attacker controlled destination. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
| * Add function is_local_url() to check if url is local.Harald Eilertsen2022-03-202-0/+41
| |
| * CVE-2022-27258: XSS via rpath query param.Harald Eilertsen2022-03-2010-20/+20
| | | | | | | | | | | | | | | | | | | | Escape URLs provided by the rpath query param in settings modules. This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them to clicking a link. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666