Hypolite Petovan
aac5d41fd6
Escape HTML characters in profile RSS titles
...
Thanks to @r1pu5u for the tip left through the `security.txt` contact address!
2024-03-12 20:42:00 +00:00
Hypolite Petovan
57187f26ae
Merge pull request #13978 from annando/issue-13972
...
Default behaviour for adding media types
2024-03-12 20:06:24 +00:00
Hypolite Petovan
7446048d5d
Merge pull request #13987 from annando/api-issues
...
Fixes API-Issues #13985 and #13986
2024-03-12 19:33:42 +00:00
Michael
fda832cd83
"network/group" fragments are removed
2024-03-12 08:02:00 +00:00
Michael
30f31828ae
Fixes API-Issues #13985 and #13986
2024-03-12 03:12:36 +00:00
Michael
3b024450ff
Fix notice when sending private messages
2024-03-10 18:55:58 +00:00
Tobias Diekershoff
e22ef85386
Merge pull request #13982 from annando/no-unknown-media
...
Fix: Don't attach unknown media
2024-03-10 14:28:14 +01:00
Michael
76d469675e
Fix: Don't attach unknown media to posts
2024-03-10 10:14:54 +00:00
Michael
3496d3948a
Fix: Subject for private messages from Friendica systems
2024-03-09 22:32:38 +00:00
Michael
00b325d521
Default behaviour for adding media types
2024-03-09 15:45:38 +00:00
Michael
a1427a52b3
Don't offer the invalid content type
2024-03-09 10:46:53 +00:00
Michael
40a47b076d
Don't retry when fetching invalid content
2024-03-09 10:37:43 +00:00
Michael
d9bedbb473
Centralized logging for a wrong JSON content-type
2024-03-08 13:48:21 +00:00
Michael
5f0657a30c
Don't show the body in the log
2024-03-07 22:29:04 +00:00
Michael
435b30be11
Check for the content type before fetching the content
2024-03-07 22:16:52 +00:00
Michael
67696d08da
Set default value for max video height
2024-03-07 14:22:40 +00:00
Michael
68c2bdb98e
Change the last activity for delegation parents and siblings as well
2024-03-07 06:12:36 +00:00
Hypolite Petovan
111df607bc
Don't call mb_strlen() on $body if it isn't set in Model\Post\Counts
...
- Address https://github.com/friendica/friendica/issues/13761#issuecomment-1978354153
2024-03-06 12:01:25 -05:00
Michael
24e7556f85
Transmit the user avatar path
2024-03-06 03:25:04 +00:00
Michael
8cc7bad1ea
Issue 13939: Fix avatars for Diaspora
2024-03-06 03:00:09 +00:00
Michael
31b92b16ed
Reduce the height of portrait videos
2024-03-05 21:25:00 +00:00
Michael
ba07172a65
Compare with the utc value
2024-03-05 14:24:40 +00:00
Michael
72e045e744
Improved assigning of "last-activity" and "login_date"
2024-03-05 14:06:26 +00:00
Michael
52cc8ab73b
Issue 13765: Fixed creation of self user contact for approval
2024-03-04 07:30:04 +00:00
Hypolite Petovan
ea4e66c74c
Merge pull request #13957 from annando/issue-13940
...
Issue 13940: handle posts that can't be found in contexts
2024-03-03 13:42:00 -05:00
Michael
7471513269
Issue 13940: handle posts that can't be found in contexts
2024-03-03 18:32:26 +00:00
Michael
ae37c44cc0
Oembed: Some more cleanup
2024-03-03 18:06:25 +00:00
Michael
bae7644d6f
Issue 13955: Check for publish date upon receival
2024-03-02 19:21:14 +00:00
Michael Vogel
89ffe6875f
Merge pull request #13942 from MrPetovan/bug/fix-api-fixture
...
Fix API fixture data
2024-03-02 05:48:19 +01:00
Michael
5df1ead001
Issue 13953: Fix warning during postupdate
2024-03-01 08:41:12 +00:00
Michael
dd55ba2d77
Issue 13949: Block access via OAuth
2024-02-29 22:03:57 +00:00
Hypolite Petovan
c9f7d9baff
Merge pull request #13946 from annando/issue-13819
...
Issue 13819: Ensure to not use OEmbed if not wanted
2024-02-29 07:54:43 -05:00
Michael
40e882004e
Use the exact embed URLs
2024-02-29 07:40:36 +00:00
Michael
e394a6b0fa
Issue 13819: Ensure to not use OEmbed if not wanted
2024-02-29 07:37:58 +00:00
Michael
8cf82a8449
Exceptions and warnings fixed
2024-02-29 04:40:04 +00:00
Hypolite Petovan
d37699bc08
Throw Not Found exception when $uid doesn't exist in Factory\Api\Twitter\User->createFromUserId
...
- Contact::getPublicIdByUserId() wrongly returns 0 when $uid doesn't exist, which is an existing albeit invalid record.
2024-02-27 08:41:51 -05:00
Michael
ddc9f5f595
Image handling: separate between output and input type, use Imagick on PNG
2024-02-25 08:52:52 +00:00
Michael
e52fa44d3f
Round the load to two digits
2024-02-24 17:37:30 +00:00
Hypolite Petovan
f74d6f9ebb
Merge pull request #13932 from annando/oembed-cleanup
...
Unused OEmbed functionality is removed
2024-02-24 11:03:48 -05:00
Michael
b572b8989f
Use media link instead of proxy for pictures
2024-02-24 15:11:27 +00:00
Michael
5800a973cb
Fixed positive list
2024-02-24 13:56:12 +00:00
Michael Vogel
44ce5471b3
Onepoll: Prevent errors with invalid mails (#13934)
2024-02-24 13:18:44 +01:00
Michael
20fd25258a
Accidental changes are reverted
2024-02-24 11:35:32 +00:00
Michael
00bb538fd0
Merge branch '2024.03-rc' of https://github.com/friendica/friendica into 2024.03-rc
2024-02-24 11:01:44 +00:00
Michael
12bdbaaba8
OEmbed: Complete cleanup
2024-02-24 11:01:34 +00:00
Michael
821a135033
Unused OEmbed functionality is removed
2024-02-24 10:58:18 +00:00
Hypolite Petovan
0a73050de1
Increase API photo preview size for Mastodon API to 640
2024-02-23 22:41:21 -05:00
Hypolite Petovan
a25dbf839a
Remove photo user id fallback from 2021
...
- Remove deprecated /photos/{nickname} fallback routes
- The contact id fallback is a lie, there's no replacement feature
2024-02-23 22:41:18 -05:00
Hypolite Petovan
e16b6ee6e1
Check form security token in /settings/userexport module (#13929)
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed sharing an event as any other user after zeroing the cid field of an existing event
* Check form security token in /settings/userexport module
- Prevents basic XSS attacks against /settings/userexport/*
2024-02-22 21:08:32 +01:00
Hypolite Petovan
5c5d7eb04f
Fix several vulnerabilities (#13927)
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00