Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | CVE-2022-27256: Open redirect via rpath query param. | Harald Eilertsen | 2022-03-20 | 10 | -27/+27 |
| | | | | | | | | Don't follow urls to external sites when submitting forms from the settings modules. This mitigates an Open Redirect vulnerability where an attacker could trick a user to go to an attacker controlled destination. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666 | ||||
* | CVE-2022-27258: XSS via rpath query param. | Harald Eilertsen | 2022-03-20 | 10 | -20/+20 |
| | | | | | | | | | | Escape URLs provided by the rpath query param in settings modules. This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them to clicking a link. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666 | ||||
* | Merge branch 't0rum-master-patch-68993' into 'master' | Mario | 2022-03-01 | 1 | -2/+2 |
| | | | | | | | | | Typo in Setup.php prevents users from using Postgres See merge request hubzilla/core!2014 (cherry picked from commit 0e2e9321025f87fe9587f3d183adaea6185e4e20) d384f55d Typo in Setup.php prevents users from using Postgres | ||||
* | enhanced content filters | Mario | 2022-03-01 | 2 | -1/+7 |
| | |||||
* | this was required for old style forum posts only and should not be needed ↵ | Mario | 2022-02-21 | 1 | -9/+11 |
| | | | | anymore | ||||
* | merge branch pdledit_gui into dev - many widgets still miss their ↵ | Mario | 2022-02-20 | 1 | -0/+553 |
| | | | | description and requirements (this is work in progress) | ||||
* | thr_parent lost across edits | Mario | 2022-02-18 | 1 | -0/+1 |
| | |||||
* | php8 warnings | Mario | 2022-02-13 | 1 | -1/+4 |
| | |||||
* | address deprecation warnings | Mario | 2022-02-13 | 1 | -6/+6 |
| | |||||
* | allow to override the DB charset via the $db_charset variable in .htconfig.php | Mario | 2022-02-10 | 1 | -2/+12 |
| | |||||
* | whitespace | Mario | 2022-02-04 | 1 | -2/+2 |
| | |||||
* | clean the url from parameters | Mario | 2022-02-04 | 1 | -0/+5 |
| | |||||
* | unpack encoded mid and make sure to goaway to the right message | Mario | 2022-02-03 | 1 | -1/+13 |
| | |||||
* | a like could be stored as item or activity so check both | Mario | 2022-02-02 | 1 | -2/+3 |
| | |||||
* | more work on relaying zap and diaspora, fix mod hcard | Mario | 2022-01-31 | 1 | -19/+19 |
| | |||||
* | PHP 8.1 band-aid | Mario Vavti | 2022-01-31 | 1 | -9/+9 |
| | |||||
* | attach iconfig to the activity and adjust ap raw message retrieval to handle ↵ | Mario | 2022-01-30 | 1 | -1/+13 |
| | | | | both cases. also add a possibility to manually redeliver single hubs for debuging | ||||
* | missing define of variable, remove deprecated zot-info and ofeed from webfinger | Mario | 2022-01-26 | 1 | -12/+1 |
| | |||||
* | fix doc | Mario | 2022-01-23 | 1 | -2/+2 |
| | |||||
* | make sure that if an existing contact role changes we will re-assign the ↵ | Mario | 2022-01-23 | 1 | -69/+98 |
| | | | | permissions to all role members and cleanup | ||||
* | make sure we have an existing default role in any case | Mario | 2022-01-23 | 1 | -2/+5 |
| | |||||
* | string | Mario | 2022-01-21 | 1 | -2/+2 |
| | |||||
* | string update | Mario | 2022-01-20 | 1 | -1/+1 |
| | |||||
* | fix potential issue with ap addressing in mod hq | Mario | 2022-01-20 | 1 | -6/+6 |
| | |||||
* | fix pgsql profile photo issue | Mario | 2022-01-20 | 1 | -1/+1 |
| | |||||
* | fix channel app naming and translation and cleanup apps with an db update | Mario | 2022-01-19 | 1 | -1/+1 |
| | |||||
* | Fix strings translation | Max Kostikov | 2022-01-18 | 2 | -1/+8 |
| | |||||
* | change name on all associated xchans by matching the url | Mario | 2022-01-18 | 1 | -2/+3 |
| | |||||
* | check for existence of vcard | Mario | 2022-01-18 | 1 | -18/+18 |
| | |||||
* | vcards are not actually implemented anymore | Mario | 2022-01-18 | 1 | -4/+4 |
| | |||||
* | make sure to use the correct default role | Mario | 2022-01-18 | 1 | -1/+1 |
| | |||||
* | pwa improvements according to lighthouse | Mario | 2022-01-13 | 1 | -2/+7 |
| | |||||
* | ux improvements | Mario | 2022-01-12 | 4 | -55/+29 |
| | |||||
* | mod profile_photo cleanup | Mario | 2022-01-12 | 1 | -175/+157 |
| | |||||
* | refactor mod profile_photo | Mario | 2022-01-12 | 1 | -114/+180 |
| | |||||
* | missing nav_set_selected() | Mario | 2022-01-08 | 2 | -16/+4 |
| | |||||
* | streamline privacy groups | Mario | 2022-01-07 | 1 | -27/+1 |
| | |||||
* | more work on access tokens | Mario | 2022-01-06 | 1 | -41/+47 |
| | |||||
* | do not show blocked or ignored contacts in connections | Mario | 2022-01-04 | 1 | -22/+22 |
| | |||||
* | minor wording change and fix connections link | Mario | 2022-01-04 | 1 | -3/+3 |
| | |||||
* | more lockview ui improvements | Mario | 2022-01-03 | 1 | -15/+22 |
| | |||||
* | minor usability improvement | Mario | 2022-01-03 | 1 | -1/+1 |
| | |||||
* | remove logging | Mario | 2022-01-02 | 1 | -3/+0 |
| | |||||
* | port new_token from zap, fixes and more cleanup | Mario | 2022-01-02 | 1 | -8/+2 |
| | |||||
* | lockview: fix guest links for profile groups and photos, cleanup | Mario | 2022-01-02 | 1 | -77/+102 |
| | |||||
* | lockview: provide guest links for private resources | Mario | 2022-01-02 | 1 | -33/+53 |
| | |||||
* | update_poll() can be called many times in a row for the same item if a ↵ | Mario | 2021-12-22 | 1 | -9/+4 |
| | | | | multiple poll is being updated. This could result in the queueworker not processing duplicates. We are now adding the source item mid to the notifier call as the third argument (fragment) so that the queueworker will not think they are duplicates. The fragment is also passed to the deliver_hooks call in the notifier | ||||
* | add the title to the object | Mario | 2021-12-21 | 1 | -0/+1 |
| | |||||
* | string change | Mario | 2021-12-21 | 1 | -1/+1 |
| | |||||
* | string change | Mario | 2021-12-21 | 1 | -1/+1 |
| |