aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2022-27256: Open redirect via rpath query param.Harald Eilertsen2022-03-2010-27/+27
| | | | | | | | Don't follow urls to external sites when submitting forms from the settings modules. This mitigates an Open Redirect vulnerability where an attacker could trick a user to go to an attacker controlled destination. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
* CVE-2022-27258: XSS via rpath query param.Harald Eilertsen2022-03-2010-20/+20
| | | | | | | | | | Escape URLs provided by the rpath query param in settings modules. This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them to clicking a link. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
* Merge branch 't0rum-master-patch-68993' into 'master'Mario2022-03-011-2/+2
| | | | | | | | | Typo in Setup.php prevents users from using Postgres See merge request hubzilla/core!2014 (cherry picked from commit 0e2e9321025f87fe9587f3d183adaea6185e4e20) d384f55d Typo in Setup.php prevents users from using Postgres
* enhanced content filtersMario2022-03-012-1/+7
|
* this was required for old style forum posts only and should not be needed ↵Mario2022-02-211-9/+11
| | | | anymore
* merge branch pdledit_gui into dev - many widgets still miss their ↵Mario2022-02-201-0/+553
| | | | description and requirements (this is work in progress)
* thr_parent lost across editsMario2022-02-181-0/+1
|
* php8 warningsMario2022-02-131-1/+4
|
* address deprecation warningsMario2022-02-131-6/+6
|
* allow to override the DB charset via the $db_charset variable in .htconfig.phpMario2022-02-101-2/+12
|
* whitespaceMario2022-02-041-2/+2
|
* clean the url from parametersMario2022-02-041-0/+5
|
* unpack encoded mid and make sure to goaway to the right messageMario2022-02-031-1/+13
|
* a like could be stored as item or activity so check bothMario2022-02-021-2/+3
|
* more work on relaying zap and diaspora, fix mod hcardMario2022-01-311-19/+19
|
* PHP 8.1 band-aidMario Vavti2022-01-311-9/+9
|
* attach iconfig to the activity and adjust ap raw message retrieval to handle ↵Mario2022-01-301-1/+13
| | | | both cases. also add a possibility to manually redeliver single hubs for debuging
* missing define of variable, remove deprecated zot-info and ofeed from webfingerMario2022-01-261-12/+1
|
* fix docMario2022-01-231-2/+2
|
* make sure that if an existing contact role changes we will re-assign the ↵Mario2022-01-231-69/+98
| | | | permissions to all role members and cleanup
* make sure we have an existing default role in any caseMario2022-01-231-2/+5
|
* stringMario2022-01-211-2/+2
|
* string updateMario2022-01-201-1/+1
|
* fix potential issue with ap addressing in mod hqMario2022-01-201-6/+6
|
* fix pgsql profile photo issueMario2022-01-201-1/+1
|
* fix channel app naming and translation and cleanup apps with an db updateMario2022-01-191-1/+1
|
* Fix strings translationMax Kostikov2022-01-182-1/+8
|
* change name on all associated xchans by matching the urlMario2022-01-181-2/+3
|
* check for existence of vcardMario2022-01-181-18/+18
|
* vcards are not actually implemented anymoreMario2022-01-181-4/+4
|
* make sure to use the correct default roleMario2022-01-181-1/+1
|
* pwa improvements according to lighthouseMario2022-01-131-2/+7
|
* ux improvementsMario2022-01-124-55/+29
|
* mod profile_photo cleanupMario2022-01-121-175/+157
|
* refactor mod profile_photoMario2022-01-121-114/+180
|
* missing nav_set_selected()Mario2022-01-082-16/+4
|
* streamline privacy groupsMario2022-01-071-27/+1
|
* more work on access tokensMario2022-01-061-41/+47
|
* do not show blocked or ignored contacts in connectionsMario2022-01-041-22/+22
|
* minor wording change and fix connections linkMario2022-01-041-3/+3
|
* more lockview ui improvementsMario2022-01-031-15/+22
|
* minor usability improvementMario2022-01-031-1/+1
|
* remove loggingMario2022-01-021-3/+0
|
* port new_token from zap, fixes and more cleanupMario2022-01-021-8/+2
|
* lockview: fix guest links for profile groups and photos, cleanupMario2022-01-021-77/+102
|
* lockview: provide guest links for private resourcesMario2022-01-021-33/+53
|
* update_poll() can be called many times in a row for the same item if a ↵Mario2021-12-221-9/+4
| | | | multiple poll is being updated. This could result in the queueworker not processing duplicates. We are now adding the source item mid to the notifier call as the third argument (fragment) so that the queueworker will not think they are duplicates. The fragment is also passed to the deliver_hooks call in the notifier
* add the title to the objectMario2021-12-211-0/+1
|
* string changeMario2021-12-211-1/+1
|
* string changeMario2021-12-211-1/+1
|