Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | whitespace | Mario Vavti | 2022-04-25 | 1 | -1/+1 |
| | |||||
* | if we have not been provided a profile id set the profile id to the default ↵ | Mario Vavti | 2022-04-25 | 1 | -0/+4 |
| | | | | profile - fixes #1671 | ||||
* | fixes in regard to hub re-installs: dismiss deleted hublocs, make sure we ↵ | Mario | 2022-04-01 | 1 | -8/+8 |
| | | | | use the latest hubloc entry for addressing, in Queue::deliver() prefer primaries since their info is probably more accurate | ||||
* | make sure to set comments_closed to the created date if nocomment is set | Mario Vavti | 2022-03-23 | 1 | -1/+1 |
| | |||||
* | CVE-2022-27256: Open redirect via rpath query param. | Harald Eilertsen | 2022-03-20 | 10 | -27/+27 |
| | | | | | | | | Don't follow urls to external sites when submitting forms from the settings modules. This mitigates an Open Redirect vulnerability where an attacker could trick a user to go to an attacker controlled destination. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666 | ||||
* | CVE-2022-27258: XSS via rpath query param. | Harald Eilertsen | 2022-03-20 | 10 | -20/+20 |
| | | | | | | | | | | Escape URLs provided by the rpath query param in settings modules. This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them to clicking a link. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666 | ||||
* | Merge branch 't0rum-master-patch-68993' into 'master' | Mario | 2022-03-01 | 1 | -2/+2 |
| | | | | | | | | | Typo in Setup.php prevents users from using Postgres See merge request hubzilla/core!2014 (cherry picked from commit 0e2e9321025f87fe9587f3d183adaea6185e4e20) d384f55d Typo in Setup.php prevents users from using Postgres | ||||
* | enhanced content filters | Mario | 2022-03-01 | 2 | -1/+7 |
| | |||||
* | this was required for old style forum posts only and should not be needed ↵ | Mario | 2022-02-21 | 1 | -9/+11 |
| | | | | anymore | ||||
* | merge branch pdledit_gui into dev - many widgets still miss their ↵ | Mario | 2022-02-20 | 1 | -0/+553 |
| | | | | description and requirements (this is work in progress) | ||||
* | thr_parent lost across edits | Mario | 2022-02-18 | 1 | -0/+1 |
| | |||||
* | php8 warnings | Mario | 2022-02-13 | 1 | -1/+4 |
| | |||||
* | address deprecation warnings | Mario | 2022-02-13 | 1 | -6/+6 |
| | |||||
* | allow to override the DB charset via the $db_charset variable in .htconfig.php | Mario | 2022-02-10 | 1 | -2/+12 |
| | |||||
* | whitespace | Mario | 2022-02-04 | 1 | -2/+2 |
| | |||||
* | clean the url from parameters | Mario | 2022-02-04 | 1 | -0/+5 |
| | |||||
* | unpack encoded mid and make sure to goaway to the right message | Mario | 2022-02-03 | 1 | -1/+13 |
| | |||||
* | a like could be stored as item or activity so check both | Mario | 2022-02-02 | 1 | -2/+3 |
| | |||||
* | more work on relaying zap and diaspora, fix mod hcard | Mario | 2022-01-31 | 1 | -19/+19 |
| | |||||
* | PHP 8.1 band-aid | Mario Vavti | 2022-01-31 | 1 | -9/+9 |
| | |||||
* | attach iconfig to the activity and adjust ap raw message retrieval to handle ↵ | Mario | 2022-01-30 | 1 | -1/+13 |
| | | | | both cases. also add a possibility to manually redeliver single hubs for debuging | ||||
* | missing define of variable, remove deprecated zot-info and ofeed from webfinger | Mario | 2022-01-26 | 1 | -12/+1 |
| | |||||
* | fix doc | Mario | 2022-01-23 | 1 | -2/+2 |
| | |||||
* | make sure that if an existing contact role changes we will re-assign the ↵ | Mario | 2022-01-23 | 1 | -69/+98 |
| | | | | permissions to all role members and cleanup | ||||
* | make sure we have an existing default role in any case | Mario | 2022-01-23 | 1 | -2/+5 |
| | |||||
* | string | Mario | 2022-01-21 | 1 | -2/+2 |
| | |||||
* | string update | Mario | 2022-01-20 | 1 | -1/+1 |
| | |||||
* | fix potential issue with ap addressing in mod hq | Mario | 2022-01-20 | 1 | -6/+6 |
| | |||||
* | fix pgsql profile photo issue | Mario | 2022-01-20 | 1 | -1/+1 |
| | |||||
* | fix channel app naming and translation and cleanup apps with an db update | Mario | 2022-01-19 | 1 | -1/+1 |
| | |||||
* | Fix strings translation | Max Kostikov | 2022-01-18 | 2 | -1/+8 |
| | |||||
* | change name on all associated xchans by matching the url | Mario | 2022-01-18 | 1 | -2/+3 |
| | |||||
* | check for existence of vcard | Mario | 2022-01-18 | 1 | -18/+18 |
| | |||||
* | vcards are not actually implemented anymore | Mario | 2022-01-18 | 1 | -4/+4 |
| | |||||
* | make sure to use the correct default role | Mario | 2022-01-18 | 1 | -1/+1 |
| | |||||
* | pwa improvements according to lighthouse | Mario | 2022-01-13 | 1 | -2/+7 |
| | |||||
* | ux improvements | Mario | 2022-01-12 | 4 | -55/+29 |
| | |||||
* | mod profile_photo cleanup | Mario | 2022-01-12 | 1 | -175/+157 |
| | |||||
* | refactor mod profile_photo | Mario | 2022-01-12 | 1 | -114/+180 |
| | |||||
* | missing nav_set_selected() | Mario | 2022-01-08 | 2 | -16/+4 |
| | |||||
* | streamline privacy groups | Mario | 2022-01-07 | 1 | -27/+1 |
| | |||||
* | more work on access tokens | Mario | 2022-01-06 | 1 | -41/+47 |
| | |||||
* | do not show blocked or ignored contacts in connections | Mario | 2022-01-04 | 1 | -22/+22 |
| | |||||
* | minor wording change and fix connections link | Mario | 2022-01-04 | 1 | -3/+3 |
| | |||||
* | more lockview ui improvements | Mario | 2022-01-03 | 1 | -15/+22 |
| | |||||
* | minor usability improvement | Mario | 2022-01-03 | 1 | -1/+1 |
| | |||||
* | remove logging | Mario | 2022-01-02 | 1 | -3/+0 |
| | |||||
* | port new_token from zap, fixes and more cleanup | Mario | 2022-01-02 | 1 | -8/+2 |
| | |||||
* | lockview: fix guest links for profile groups and photos, cleanup | Mario | 2022-01-02 | 1 | -77/+102 |
| | |||||
* | lockview: provide guest links for private resources | Mario | 2022-01-02 | 1 | -33/+53 |
| |