From 160c40b5807aea8e05f5cea6c4ed0115ac6a7f53 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 31 Oct 2024 11:07:42 +0000 Subject: make sure the objects published date has the correct time format --- Zotlabs/Module/Item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 5618137a1..d96cfd822 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -1060,7 +1060,7 @@ class Item extends Controller { $obj['id'] = $mid; $obj['diaspora:guid'] = $uuid; $obj['attributedTo'] = channel_url($channel); - $obj['published'] = $created; + $obj['published'] = datetime_convert('UTC', 'UTC', $created, ATOM_TIME); $obj['name'] = $title; $datarray['obj'] = $obj; -- cgit v1.2.3 From 38c947590e81fbb00e315e1902eba8dd6dbdd0ec Mon Sep 17 00:00:00 2001 From: Harald Eilertsen Date: Sat, 2 Nov 2024 14:42:00 +0000 Subject: Fix missing CSRF checks in admin/account_edit --- Zotlabs/Module/Admin/Account_edit.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Account_edit.php b/Zotlabs/Module/Admin/Account_edit.php index 0300fb10c..35a15133f 100644 --- a/Zotlabs/Module/Admin/Account_edit.php +++ b/Zotlabs/Module/Admin/Account_edit.php @@ -8,6 +8,11 @@ class Account_edit { function post() { + // Validate CSRF token + // + // We terminate with a 403 Forbidden status if the check fails. + check_form_security_token_ForbiddenOnErr('admin_account_edit', 'security'); + $account_id = $_REQUEST['aid']; if(! $account_id) 
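Review bot: With the token check now first in post(), the next line still takes the target account from `$_REQUEST['aid']`, which also accepts a query-string value. Reading it from the body and casting it, `$account_id = intval($_POST['aid'] ?? 0);`, keeps the account being edited inside the same token-protected form submission (assuming the form sends `aid` as a field, which is not visible here). post() continues past the end of this hunk. Further down in the same method (second hunk, untouched apart from whitespace) the new password is stored as `hash('whirlpool', $salt . $pass1)`, a single unstretched hash. Migrating to `password_hash()`/`password_verify()` is outside this commit's scope and would need the login path to accept both formats, but it is worth a follow-up issue.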
@@ -18,7 +23,7 @@ class Account_edit { if($pass1 && $pass2 && ($pass1 === $pass2)) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $pass1); - $r = q("update account set account_salt = '%s', account_password = '%s', + $r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s' where account_id = %d", dbesc($salt), dbesc($password_encoded), @@ -34,7 +39,7 @@ class Account_edit { $account_level = 5; $account_language = trim($_REQUEST['account_language']); - $r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s' + $r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s' where account_id = %d", dbesc($service_class), intval($account_level), @@ -62,8 +67,8 @@ class Account_edit { return ''; } - $a = replace_macros(get_markup_template('admin_account_edit.tpl'), [ + '$security' => get_form_security_token('admin_account_edit'), '$account' => $x[0], '$title' => t('Account Edit'), '$pass1' => [ 'pass1', t('New Password'), ' ','' ], -- cgit v1.2.3
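Review bot: The `'$security'` entry added to the replace_macros() array in the last hunk only takes effect if admin_account_edit.tpl emits it as a hidden field named `security`, the name post() now passes to check_form_security_token_ForbiddenOnErr(). This diff is limited to Zotlabs/Module, so the template side is not visible here and should be confirmed; without it, every submission of the form would be rejected with 403. The form name `'admin_account_edit'` is now written in two places (here and in post()), and a class constant such as `const FORM_TOKEN = 'admin_account_edit';` would keep them from drifting apart. The enclosing method starts outside the hunk.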