Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge branch 'security-fixes-lfi-xss-open-redirect' into 'dev' | Mario | 2022-03-23 | 10 | -47/+47 |
|\ | Security fixes See merge request hubzilla/core!2017 | ||||
| * | CVE-2022-27256: Open redirect via rpath query param. | Harald Eilertsen | 2022-03-20 | 10 | -27/+27 |
| | | Don't follow urls to external sites when submitting forms from the settings modules. This mitigates an Open Redirect vulnerability where an attacker could trick a user to go to an attacker controlled destination. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666 | ||||
| * | CVE-2022-27258: XSS via rpath query param. | Harald Eilertsen | 2022-03-20 | 10 | -20/+20 |
| | | Escape URLs provided by the rpath query param in settings modules. This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them into clicking a link. Fixes part of https://framagit.org/hubzilla/core/-/issues/1666 | ||||
* | | add the signing algo to zotinfo, and store it in import_xchan() if present | Mario | 2022-03-20 | 2 | -0/+9 |
|/ | |||||
* | make sure an announce does not overwrite an item we already have and make sure it will be a toplevel post | Mario | 2022-03-11 | 1 | -0/+7 |
| | |||||
* | whitespace | Mario | 2022-03-10 | 1 | -35/+35 |
| | |||||
* | support for hs2019 | Mario | 2022-03-10 | 2 | -16/+61 |
| | |||||
* | move attachments to the top | Mario | 2022-03-05 | 1 | -5/+5 |
| | |||||
* | fix regression | Mario | 2022-03-04 | 1 | -2/+2 |
| | |||||
* | streamline event activity handling | Mario | 2022-03-04 | 1 | -11/+80 |
| | |||||
* | port some ap quirks from the addon | Mario | 2022-03-04 | 1 | -15/+50 |
| | |||||
* | more work on enhanced content filters | Mario | 2022-03-03 | 2 | -3/+39 |
| | |||||
* | collect the accept headers in an array | Mario | 2022-03-03 | 1 | -2/+6 |
| | |||||
* | Merge branch 'dev' of https://framagit.org/hubzilla/core into dev | Mario | 2022-03-02 | 1 | -2/+2 |
|\ | |||||
| * | Merge branch 't0rum-master-patch-68993' into 'master' | Mario | 2022-03-01 | 1 | -2/+2 |
| | | Typo in Setup.php prevents users from using Postgres See merge request hubzilla/core!2014 (cherry picked from commit 0e2e9321025f87fe9587f3d183adaea6185e4e20) d384f55d Typo in Setup.php prevents users from using Postgres | ||||
* | | port some peertube tweaks from pubcrawl to lib/activity | Mario | 2022-03-02 | 1 | -20/+47 |
|/ | |||||
* | enhanced content filters | Mario | 2022-03-01 | 5 | -75/+230 |
| | |||||
* | make gprobe deal with URLs, fix issue in get_actor_protocols and fix missing author issue if wall2wall comment arrives and author is not yet known | Mario | 2022-02-28 | 3 | -15/+41 |
| | |||||
* | widget descriptions and add content region to all pdl files for convenience | Mario | 2022-02-23 | 34 | -59/+190 |
| | |||||
* | this was required for old style forum posts only and should not be needed anymore | Mario | 2022-02-21 | 1 | -9/+11 |
| | |||||
* | do not require network for forums widget | Mario | 2022-02-21 | 1 | -1/+0 |
| | |||||
* | remove deprecated widgets and add some more widget descriptions | Mario | 2022-02-21 | 27 | -166/+148 |
| | |||||
* | merge branch pdledit_gui into dev - many widgets still miss their description and requirements (this is work in progress) | Mario | 2022-02-20 | 11 | -9/+612 |
| | |||||
* | thr_parent lost across edits | Mario | 2022-02-18 | 1 | -0/+1 |
| | |||||
* | php8 warnings | Mario | 2022-02-13 | 3 | -10/+13 |
| | |||||
* | address deprecation warnings | Mario | 2022-02-13 | 5 | -15/+23 |
| | |||||
* | add inbound support for quoteUrl | Mario | 2022-02-13 | 1 | -0/+38 |
| | |||||
* | make sure we have an array | Mario | 2022-02-11 | 1 | -2/+2 |
| | |||||
* | typo | Mario | 2022-02-11 | 1 | -1/+1 |
| | |||||
* | minor restructure to omit php 8.1 deprecation warning | Mario | 2022-02-11 | 1 | -3/+10 |
| | |||||
* | allow to override the DB charset via the $db_charset variable in .htconfig.php | Mario | 2022-02-10 | 1 | -2/+12 |
| | |||||
* | fix php8.1 deprecation warning | Mario | 2022-02-09 | 1 | -1/+1 |
| | |||||
* | gc() returns bool | Mario | 2022-02-09 | 1 | -1/+1 |
| | |||||
* | revert: union types are only possible from php version 8 and higher | Mario | 2022-02-09 | 1 | -2/+2 |
| | |||||
* | rename variable | Mario | 2022-02-08 | 1 | -6/+6 |
| | |||||
* | revert logging | Mario | 2022-02-08 | 1 | -2/+0 |
| | |||||
* | revert deleted flag for webfinger and zotfinger key | Mario | 2022-02-08 | 2 | -21/+11 |
| | |||||
* | HTTPSig: introduce the deleted keytype. this will allow us to not fetch an actor we have never seen before if we received a delete activity for this actor for some reason. this is only implemented in the activitypub inbox so far. | Mario | 2022-02-08 | 1 | -6/+30 |
| | |||||
* | Merge branch 'dev' of https://framagit.org/hubzilla/core into dev | Mario Vavti | 2022-02-08 | 3 | -4/+29 |
|\ | |||||
| * | to reduce overall network fetches cache actors in Activity::fetch() and fetch the ldsig creator with get_actor() instead of get_compound_property() so that it will check the cache before actually fetching | Mario | 2022-02-08 | 2 | -3/+11 |
| | | |||||
| * | whitespace | Mario | 2022-02-04 | 1 | -2/+2 |
| | | |||||
| * | clean the url from parameters | Mario | 2022-02-04 | 1 | -0/+5 |
| | | |||||
| * | unpack encoded mid and make sure to goaway to the right message | Mario | 2022-02-03 | 1 | -1/+13 |
| | | |||||
* | | fix php error in externals and streamline actor cache time | Mario Vavti | 2022-02-08 | 2 | -2/+4 |
|/ | |||||
* | move JSalmon stuff from the data to the meta field in Lib ActivityStreams and some more refinement on storing the raw ap and diaspora data in iconfig | Mario | 2022-02-03 | 3 | -26/+24 |
| | |||||
* | only unset if set | Mario | 2022-02-02 | 1 | -4/+9 |
| | |||||
* | more PHP 8.1 deprecated warnings | Mario | 2022-02-02 | 1 | -0/+1 |
| | |||||
* | a like could be stored as item or activity so check both | Mario | 2022-02-02 | 1 | -2/+3 |
| | |||||
* | typo | Mario | 2022-02-01 | 1 | -1/+1 |
| | |||||
* | formatting | Mario | 2022-02-01 | 1 | -2/+2 |
| |