path: root/Zotlabs
Commit message  Author  Age  Files  Lines
* Merge branch 'security-fixes-lfi-xss-open-redirect' into 'dev'  Mario  2022-03-23  10  -47/+47
|\    Security fixes
| |   See merge request hubzilla/core!2017
| * CVE-2022-27256: Open redirect via rpath query param.  Harald Eilertsen  2022-03-20  10  -27/+27
| |   Don't follow urls to external sites when submitting forms from the settings modules.
| |   This mitigates an Open Redirect vulnerability where an attacker could trick a user to go to an attacker controlled destination.
| |   Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
| * CVE-2022-27258: XSS via rpath query param.  Harald Eilertsen  2022-03-20  10  -20/+20
| |   Escape URLs provided by the rpath query param in settings modules.
| |   This prevents a possible Cross-Site scripting vulnerability, where an attacker could inject web scripts and html into the settings form via the rpath query parameter, and have a user execute the script by tricking them into clicking a link.
| |   Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
* | add the signing algo to zotinfo, and store it in import_xchan() if present  Mario  2022-03-20  2  -0/+9
|/
* make sure an announce does not overwrite an item we already have and make sure it will be a toplevel post  Mario  2022-03-11  1  -0/+7
|
* whitespace  Mario  2022-03-10  1  -35/+35
|
* support for hs2019  Mario  2022-03-10  2  -16/+61
|
* move attachments to the top  Mario  2022-03-05  1  -5/+5
|
* fix regression  Mario  2022-03-04  1  -2/+2
|
* streamline event activity handling  Mario  2022-03-04  1  -11/+80
|
* port some ap quirks from the addon  Mario  2022-03-04  1  -15/+50
|
* more work on enhanced content filters  Mario  2022-03-03  2  -3/+39
|
* collect the accept headers in an array  Mario  2022-03-03  1  -2/+6
|
* Merge branch 'dev' of https://framagit.org/hubzilla/core into dev  Mario  2022-03-02  1  -2/+2
|\
| * Merge branch 't0rum-master-patch-68993' into 'master'  Mario  2022-03-01  1  -2/+2
| |   Typo in Setup.php prevents users from using Postgres
| |   See merge request hubzilla/core!2014
| |   (cherry picked from commit 0e2e9321025f87fe9587f3d183adaea6185e4e20)
| |   d384f55d Typo in Setup.php prevents users from using Postgres
* | port some peertube tweaks from pubcrawl to lib/activity  Mario  2022-03-02  1  -20/+47
|/
* enhanced content filters  Mario  2022-03-01  5  -75/+230
|
* make gprobe deal with URLs, fix issue in get_actor_protocols and fix missing author issue if wall2wall comment arrives and author is not yet known  Mario  2022-02-28  3  -15/+41
|
* widget descriptions and add content region to all pdl files for convenience  Mario  2022-02-23  34  -59/+190
|
* this was required for old style forum posts only and should not be needed anymore  Mario  2022-02-21  1  -9/+11
|
* do not require network for forums widget  Mario  2022-02-21  1  -1/+0
|
* remove deprecated widgets and add some more widget descriptions  Mario  2022-02-21  27  -166/+148
|
* merge branch pdledit_gui into dev - many widgets still miss their description and requirements (this is work in progress)  Mario  2022-02-20  11  -9/+612
|
* thr_parent lost across edits  Mario  2022-02-18  1  -0/+1
|
* php8 warnings  Mario  2022-02-13  3  -10/+13
|
* address deprecation warnings  Mario  2022-02-13  5  -15/+23
|
* add inbound support for quoteUrl  Mario  2022-02-13  1  -0/+38
|
* make sure we have an array  Mario  2022-02-11  1  -2/+2
|
* typo  Mario  2022-02-11  1  -1/+1
|
* minor restructure to omit php 8.1 deprecation warning  Mario  2022-02-11  1  -3/+10
|
* allow to override the DB charset via the $db_charset variable in .htconfig.php  Mario  2022-02-10  1  -2/+12
|
* fix php8.1 deprecation warning  Mario  2022-02-09  1  -1/+1
|
* gc() returns bool  Mario  2022-02-09  1  -1/+1
|
* revert: union types are only possible from php version 8 and higher  Mario  2022-02-09  1  -2/+2
|
* rename variable  Mario  2022-02-08  1  -6/+6
|
* revert logging  Mario  2022-02-08  1  -2/+0
|
* revert deleted flag for webfinger and zotfinger key  Mario  2022-02-08  2  -21/+11
|
* HTTPSig: introduce the deleted keytype. this will allow us to not fetch an actor we have never seen before if we received a delete activity for this actor for some reason. this is only implemented in the activitypub inbox so far.  Mario  2022-02-08  1  -6/+30
|
* Merge branch 'dev' of https://framagit.org/hubzilla/core into dev  Mario Vavti  2022-02-08  3  -4/+29
|\
| * to reduce overall network fetches cache actors in Activity::fetch() and fetch the ldsig creator with get_actor() instead of get_compound_property() so that it will check the cache before actually fetching  Mario  2022-02-08  2  -3/+11
| |
| * whitespace  Mario  2022-02-04  1  -2/+2
| |
| * clean the url from parameters  Mario  2022-02-04  1  -0/+5
| |
| * unpack encoded mid and make sure to goaway to the right message  Mario  2022-02-03  1  -1/+13
| |
* | fix php error in externals and streamline actor cache time  Mario Vavti  2022-02-08  2  -2/+4
|/
* move JSalmon stuff from the data to the meta field in Lib ActivityStreams and some more refinement on storing the raw ap and diaspora data in iconfig  Mario  2022-02-03  3  -26/+24
|
* only unset if set  Mario  2022-02-02  1  -4/+9
|
* more PHP 8.1 deprecated warnings  Mario  2022-02-02  1  -0/+1
|
* a like could be stored as item or activity so check both  Mario  2022-02-02  1  -2/+3
|
* typo  Mario  2022-02-01  1  -1/+1
|
* formatting  Mario  2022-02-01  1  -2/+2
|