aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
Commit message (Collapse)AuthorAgeFilesLines
* do not escape tags here since it will destroy additional query paramsMario2022-08-211-1/+1
|
* Activity: check for other forms of as:Public, Search: make sure to run ↵Mario2022-08-212-8/+10
| | | | htmlspecialchars_decode on the AP url so that previously encoded chars will be decoded again
* check against nullMario Vavti2022-08-071-2/+2
|
* update widget descriptionMario Vavti2022-08-051-1/+1
|
* only decode attachment and iconfig for nonresponse activitiesMario Vavti2022-08-041-9/+9
|
* fix lang tests if result is ambigousMario2022-07-261-10/+26
|
* add "falsey" testMario2022-07-262-2/+22
|
* check if the webpages app is installedMario2022-07-181-0/+5
|
* HQ dashboard - missing filesMario2022-07-161-0/+246
|
* HQ dashboard - initial checkinMario2022-07-153-61/+69
|
* oembed: implement a max oembed size which defaults to 1MB and do not try to ↵Mario2022-06-033-3/+3
| | | | oembed text previews
* prevent php error and add some docoMario2022-05-251-1/+5
|
* bump php version requirementMario2022-05-252-13/+7
|
* categories widgets cleanupMario2022-05-241-23/+9
|
* streamline inbound attachment handling and fix regression from issue #1679Mario2022-05-231-22/+74
|
* update to remove core apps (wiki, cards, articles) which have been moved to ↵Mario2022-05-191-0/+23
| | | | addons
* add a hidden config for the hs2019 http sig algoMario2022-05-191-2/+5
|
* rendering fixesMario2022-05-191-12/+12
|
* implement starring of pubstream itemsMario2022-05-182-12/+27
|
* make sure we use source.content when rendering events to correctly render ↵Mario2022-05-161-1/+1
| | | | observer related content. fix wrong media types.
* fix php errorsMario2022-05-141-3/+3
|
* do not set allowed to true if verb is ACTIVITY_SHARE and slightly changed ↵Mario2022-05-131-3/+7
| | | | logic for conv fetches
* do not stringify integer valueMario2022-05-111-1/+1
|
* update queries in mod search - fixes #1677Mario2022-05-112-27/+24
|
* deal with pleroma reactionsMario2022-05-101-0/+8
|
* use rev instead of _updated and the unix timestamp is less likely to cause ↵Mario2022-05-091-1/+1
| | | | issues in the future
* add the update date to the icon url. some platforms will not update if the ↵Mario2022-05-071-1/+1
| | | | icon url remains static
* more cleanupMario2022-05-062-12/+5
|
* some cleanup after moving articles and cards to addonsMario2022-05-063-85/+3
|
* fix core issue #1676 and a liked/disliked/commented confusionMario2022-05-062-9/+40
|
* move wiki to addonsMario2022-05-066-2094/+0
|
* move articles to addonMario2022-05-042-370/+0
|
* move cards to addonMario2022-05-044-356/+11
|
* hubloc in AS has been moved from data to meta a while agoMario Vavti2022-04-261-2/+2
|
* whitespaceMario Vavti2022-04-251-1/+1
|
* if we have not been provided a profile id set the profile id to the default ↵Mario Vavti2022-04-251-0/+4
| | | | profile - fixes #1671
* fix regression with incoming poll answers from activitypubMario Vavti2022-04-231-1/+1
|
* move AP addressing to pubcrawlMario Vavti2022-04-071-122/+14
| | | (cherry picked from commit 1390e1db399c06cb76e191437eb5be24dd95a5c7)
* fixes in regard to hub re-installs: dismiss deleted hublocs, make sure we ↵Mario2022-04-013-11/+11
| | | | use the latest hubloc entry for addressing, in Queue::deliver() prefer primaries since their info is probably more accurate
* make sure to set comments_closed to the created date if nocomment is setMario Vavti2022-03-231-1/+1
|
* streamline comment policy with downstreamMario2022-03-231-14/+4
|
* Merge branch 'security-fixes-lfi-xss-open-redirect' into 'dev'Mario2022-03-2310-47/+47
|\ | | | | | | | | Security fixes See merge request hubzilla/core!2017
| * CVE-2022-27256: Open redirect via rpath query param.Harald Eilertsen2022-03-2010-27/+27
| | | | | | | | | | | | | | | | Don't follow urls to external sites when submitting forms from the settings modules. This mitigates an Open Redirect vulnerability where an attacker could trick a user to go to an attacker controlled destination. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
| * CVE-2022-27258: XSS via rpath query param.Harald Eilertsen2022-03-2010-20/+20
| | | | | | | | | | | | | | | | | | | | Escape URLs provided by the rpath query param in settings modules. This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them to clicking a link. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
* | add the signing algo to zotinfo, and store it in import_xchan() if presentMario2022-03-202-0/+9
|/
* make sure an announce does not overwrite an item we already have and make ↵Mario2022-03-111-0/+7
| | | | sure it will be a toplevel post
* whitespaceMario2022-03-101-35/+35
|
* support for hs2019Mario2022-03-102-16/+61
|
* move attachments to the topMario2022-03-051-5/+5
|
* fix regressionMario2022-03-041-2/+2
|