Commit graph

1477 commits

Author SHA1 Message Date
Hypolite Petovan
5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael Vogel
d5c0f086bd
Disallow mail addresses for registration (#13920)
* Disallow mail addresses for registration

* Order for allow/disallow has been changed
2024-02-19 09:33:20 +01:00
Michael Vogel
52825cb4c4
User setting to disable blurring of sensitive pictures (#13883) 2024-02-10 09:50:49 +01:00
Michael Vogel
665316c14d
Issue 13859: Posts to a group in "Vier" is now possible (#13864) 2024-01-31 19:09:57 +01:00
Michael
3fe4991fcf Filter user defined channels by size 2024-01-30 10:05:05 +00:00
Michael Vogel
09edf251ee
Anti spam measures against hashtag spam (#13855) 2024-01-25 19:41:07 +01:00
Michael
6389133575 Expiry post search index entries 2024-01-21 16:24:59 +00:00
Michael
7a13d8b8ac Merge remote-tracking branch 'upstream/develop' into channel-relay 2024-01-15 06:14:55 +00:00
Dr. Tobias Quathamer
6fd057fd00 Use double quotes where possible 2024-01-07 21:48:22 +01:00
Dr. Tobias Quathamer
e6036b8266 Clean up smarty templates.
This simplifies some logic in if-conditions, because
smarty just returns an empty string for undefined
variables.

Also, this commit removes unnecessary values from
HTML input attributes.
2024-01-07 21:40:01 +01:00
Michael
d2a74d1936 New option to disallow 2024-01-07 19:22:56 +00:00
Michael
c4b85ef25a New field "publish" for channels 2024-01-07 18:36:47 +00:00
Michael
811a9f01bc New user account type "Channel Relay" 2024-01-06 17:27:42 +00:00
Dr. Tobias Quathamer
26f4532d47 Enable HTML attributes in all form fields.
Closes #13804
2024-01-06 16:28:48 +01:00
Michael
4e1263c1f8 Fixed indentation 2024-01-03 19:22:53 +00:00
Michael
31b88da9d5 Merge remote-tracking branch 'upstream/develop' into channel-languages 2024-01-03 19:17:58 +00:00
Michael
da3d390187 User defined channels can now have individual language definitions 2024-01-03 19:17:14 +00:00
Michael
7ecf143e4c The "unkmail" functionality is removed 2024-01-03 10:23:11 +00:00
Michael
16d0d17169 There is now a single way to display group postings 2024-01-02 20:45:02 +00:00
Raroun
a609e545b6
Update remote_friends_common.tpl
Adds collapsible remote friends in common for frio and vier
2023-12-26 16:43:23 +01:00
Raroun
cc5711b2df
Update remote_friends_common.tpl
moved rfic-desc to top, tested on vier, frio and both mobile views
2023-12-26 09:48:57 +01:00
Hypolite Petovan
04cdd3e8ec
Fix Smarty reference to version constant after it was moved to App class (#13769) 2023-12-25 19:26:19 +01:00
Michael Vogel
f23ecaff6a
Posts per author/server on the community pages (#13764)
* Posts per author/server on the community pages

* Updated database.sql
2023-12-25 12:39:15 +01:00
Michael
cb91800088 "worker_fetch_limit" is moved as well 2023-12-03 22:49:35 +00:00
Michael
5cd85d9bb7 "items per page" is now in the site settings as well 2023-12-03 14:30:40 +00:00
Michael
e99c916df1 Some more settings moved to the admin frontend 2023-12-03 13:43:48 +00:00
Michael
7bf7744efb The "cron_interval" is now reachable via the admin site settings 2023-12-03 11:20:37 +00:00
Michael
e87c79780a "min_poll_interval" moved as well 2023-12-03 11:08:21 +00:00
Michael
f93192bc28 The channel settings are now available on the site settings 2023-12-03 09:45:13 +00:00
Michael
46b1b66dbf Several settings can now be reached via the site settings 2023-11-28 00:57:51 +00:00
Michael
67f727e3b3 Merge remote-tracking branch 'upstream/2023.09-rc' into server-discovery 2023-11-27 19:28:13 +00:00
Michael
077c9ff0c9 Improved control about the contact/server updates 2023-11-27 19:00:12 +00:00
Hypolite Petovan
3b3d0231bc Replace last occurrences of in_array used as a Smarty modifier
- Address https://github.com/friendica/friendica/issues/13158#issuecomment-1826266366
2023-11-27 12:07:18 -05:00
Michael
b3d7dfb9a5 Issue 8542: User option to display the event list/birthday notification 2023-11-25 14:57:24 +00:00
Raroun
571f95546a
Update view/templates/shared_content.tpl
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2023-11-19 13:45:32 +01:00
Raroun
98f99c536e
Update shared_content.tpl
Added new behavior here too
2023-11-19 09:50:30 +01:00
Michael
581b96c32f New user option to hide the page drop checkbox 2023-11-15 21:55:54 +00:00
Michael
fce82deabc Merge remote-tracking branch 'upstream/2023.09-rc' into channel-improvements 2023-10-14 19:06:35 +00:00
Michael
be394b573d Channels: Larger fields, better error handling 2023-10-14 18:39:35 +00:00
Hypolite Petovan
3a42849759 Add current user's hovercard to removeme page
- Extract Hovercard generation to Content\Widget
2023-10-14 14:15:41 -04:00
Hypolite Petovan
e6855d3125 Refactor Delegation modules
- Remove dependency on DI
- Group translation labels in template variables
- Reformat template code
2023-10-14 14:15:40 -04:00
Jakobus Schürz
67a6899ed7 send on ctrl+enter
in
* comments
* prv_messages
* composer
* jot
2023-10-11 04:09:44 +02:00
Michael Vogel
947ad55185
Merge pull request #13518 from MrPetovan/bug/warnings
Normalize template variables in Widget\VCard
2023-10-09 05:29:06 +02:00
Hypolite Petovan
2eab25e7c1 Add caption to described images without a preview 2023-10-08 10:28:17 -04:00
Hypolite Petovan
c31c264b0b Normalize template variables in Widget\VCard
- Display new links in vier
- Address https://github.com/friendica/friendica/issues/13157#issuecomment-1751750581
2023-10-08 08:37:40 -04:00
Michael
fbded95f65 Merge remote-tracking branch 'upstream/2023.09-rc' into user-defined-channels 2023-10-05 13:15:45 +00:00
Jakobus Schürz
3596b5e165 add loading="lazy" to avatar-images too
resolves #13486

The loading of avatar-images still blocked the loading of notifications.

mostly in frio!
now it's a big time improvement on loading friendica
2023-10-04 11:56:46 +02:00
Michael
b8208974a4 Merge remote-tracking branch 'upstream/develop' into user-defined-channels 2023-10-04 09:40:32 +00:00
Hypolite Petovan
163a85c78f Add new horizontal masonry and image height allocation
- Move image templates to content/image sub-folder
2023-10-03 19:58:52 -04:00
Hypolite Petovan
3333d4af88 Change parameter to PostMedias in Item::makeImageGrid
- Add dimension rescaling when updating the preview URL
2023-10-03 19:58:51 -04:00