Michael
a87e0ad63c
Improve adding of alt descriptions when linking images
2024-06-15 12:39:49 +00:00
Tobias Diekershoff
86f238f379
Merge pull request #14233 from annando/media-scrolling
...
Fix paging on media pages
2024-06-15 13:47:10 +02:00
Michael
33b478d9ca
Don't display wordpress accounts in the forumlist
2024-06-15 09:27:55 +00:00
Michael
47ab246441
Fix paging on media pages
2024-06-15 09:04:36 +00:00
Michael
8dd8ca23f7
Issue 14220: Sanitize profile data
2024-06-14 20:19:31 +00:00
Michael
ab06d1964c
Reduce probing / handle exception for invalid url / always check for https
2024-06-13 06:16:52 +00:00
Michael
e587dcc7d3
Improve the inbox performance
2024-06-09 13:37:43 +00:00
Tobias Diekershoff
12f4eeb517
Merge pull request #14222 from annando/expiry
...
Further improvement of the expiring performance
2024-06-09 08:54:08 +02:00
Michael
e645d45c2d
Log the page execution performance
2024-06-09 06:25:28 +00:00
Michael
a2f463e60d
Further improvement of the expiring performance
2024-06-09 06:24:18 +00:00
Michael
b33d603f96
Improved performance when expiring posts
2024-06-07 04:02:13 +00:00
Michael
385a0c8e8c
Lock for "optimize" / expire in chunks
2024-06-05 05:39:31 +00:00
Tobias Diekershoff
72f6b07c88
2024.06-rc
2024-06-04 20:35:00 +02:00
Michael
c088bab141
Fix: Posts with attached links work again
2024-06-03 15:10:42 +00:00
Michael
259a676207
Option to reduced search scope to improve the performance
2024-06-02 09:27:05 +00:00
Michael
29187f1501
Option to define how posts with titles are transmitted
2024-06-01 08:19:09 +00:00
Michael
e14a63d848
Fix: $self is not an array
2024-05-30 03:17:34 +00:00
Michael
b61cfd193f
Blocked users need to be blocked
2024-05-29 13:34:56 +00:00
Michael
55cec6c61d
OpenWebAuth moved to a separate class / Improved authentication handling
2024-05-28 21:59:52 +00:00
Michael
fd3386fe20
Improved hostname handling with feeds
2024-05-28 05:20:53 +00:00
Michael
fd508fa423
Fix "TypeError: Argument 1 passed to Friendica\Util\Strings::compareLink() must be of the type string, null given"
2024-05-27 19:23:29 +00:00
Michael
95faba4446
Fix remote login issues between Friendica instances
2024-05-26 20:04:48 +00:00
Michael
7808c89071
Issue 14102: Display "channels only" contacts in circles
2024-05-26 16:00:27 +00:00
Hypolite Petovan
e8da8c5a2b
Merge pull request #14182 from annando/magic
...
Improve "magic" with Hubzilla
2024-05-26 10:03:07 -04:00
Michael
dca93a9606
Enable "magic" with Hubzilla
2024-05-26 12:44:08 +00:00
Michael
4d3d4de972
Provide OpenWebAuth related data
2024-05-26 06:45:26 +00:00
Tobias Diekershoff
5751311e99
Merge pull request #14179 from annando/authredirect
...
Store the "authredirect" path of a server
2024-05-26 08:05:23 +02:00
Michael
1853f00a12
Store the "authredirect" path of a server
2024-05-26 00:07:06 +00:00
Michael
df0440ea97
Issue 14175: Fix problems with upper case host names
2024-05-25 19:00:53 +00:00
Michael
4066a5403c
Improved summary handling for feeds
2024-05-23 19:45:42 +00:00
Michael
da37516abf
OpenWebAuth path is now fetched during probing
2024-05-20 19:46:29 +00:00
Michael
92a7b65587
Fix: Undefined array key "host"
2024-05-20 14:49:36 +00:00
Michael
7176fed316
Fix international domains
2024-05-20 09:11:09 +00:00
Michael
8ae1f0d0e9
Issue 14160: Don't add simple participants to "cc"
2024-05-19 14:52:41 +00:00
Michael
cb0b3e67be
Issue 14153: Don't transmit activities to all participants
2024-05-19 08:37:18 +00:00
Michael
846addf7b3
Improved streams detection
2024-05-16 15:26:46 +00:00
Hypolite Petovan
1f12d1e668
Merge pull request #14165 from annando/probe
...
Fixes "Undefined array key url"
2024-05-16 11:15:59 -04:00
Hypolite Petovan
c81ee0d1c3
Merge pull request #14162 from annando/sensitive
...
Respect the "sensitive" flag for posts
2024-05-16 11:12:28 -04:00
Michael
4ce1911889
Fixes " Undefined array key url"
2024-05-16 10:54:59 +00:00
Michael
0426572e92
Respect the "sensitive" flag for summaries
2024-05-15 12:17:06 +00:00
Hypolite Petovan
cad3a01b1c
Merge pull request #14161 from annando/error
...
Fix " Call to undefined method Friendica\App::getLoggedInUserNickname"
2024-05-15 07:56:56 -04:00
Michael
69b1958483
Fix " Call to undefined method Friendica\App::getLoggedInUserNickname"
2024-05-15 06:15:50 +00:00
Michael
1c66d49599
"Network::unparseURL" is replaced with "Uri::fromParts"
2024-05-14 21:47:57 +00:00
Michael
e12f92e516
Some more deprecated function calls are replaced
2024-05-14 19:21:25 +00:00
Michael
60f5fd8188
Many deprecated function calls are replaced
2024-05-13 21:37:15 +00:00
Hypolite Petovan
cfad5809ff
Merge pull request #14154 from annando/probe
...
Friendica probing simplified / Zot probing improved
2024-05-13 14:15:27 -04:00
Michael
82327b0b06
Improve the log level display
2024-05-13 12:34:35 +00:00
Michael
8a100e847d
Friendica probing simplified / Zot probing improved
2024-05-13 12:33:32 +00:00
Tobias Diekershoff
9ae4a17977
Merge pull request #14152 from annando/feed-no-html
...
Log the feed fix only if it has an effect.
2024-05-13 06:29:02 +02:00
Michael
21fc28029a
Probing for Zot improved and Pumpio removed
2024-05-13 00:58:54 +00:00
Michael
52b11856fa
Log the feed fix only if it has an effect.
2024-05-13 00:36:30 +00:00
Michael
5751e024c0
Request type set for all HTTP requests
2024-05-12 17:53:21 +00:00
Hypolite Petovan
d788cb82cc
Merge pull request #14148 from annando/summary
...
Use the field for the summary instead of the "abstract" element
2024-05-11 18:14:32 -04:00
Hypolite Petovan
ec5e8a55b5
Merge pull request #14147 from annando/feed-no-html
...
Support for non HTML content for feed imports
2024-05-11 18:13:40 -04:00
Michael
e43f96740b
Use the field for the summary instead of the "abstract" element
2024-05-11 20:14:01 +00:00
Michael
bca86beda0
Support for non HTML content for feed imports
2024-05-11 20:03:19 +00:00
Michael
567292533e
Issue 11963: Set Permissions for attachments
2024-05-11 19:19:18 +00:00
Tobias Diekershoff
99426d4188
Merge pull request #14144 from annando/unneeded-log-entry
...
Unneeded log entry removed
2024-05-11 14:34:47 +02:00
Michael Vogel
0be622e049
Merge pull request #14139 from MrPetovan/bug/apexrabbit-vulns
...
Fix a couple of stored XSS vulnerabilities
2024-05-11 14:03:24 +02:00
Michael
f574bc72ca
Unneeded log entry removed
2024-05-11 08:52:50 +00:00
Michael Vogel
5b55ba2176
Merge pull request #14141 from MrPetovan/bug/14045-addon-unregistration
...
Add support for absolute file paths when removing addon
2024-05-11 10:46:57 +02:00
Hypolite Petovan
40949483f3
Fix wrong return value in Item::gettopLevelParent()
...
- Address https://github.com/friendica/friendica/issues/14025#issuecomment-2105033182
2024-05-10 21:54:19 -04:00
Hypolite Petovan
42c3faa450
Add support for absolute file paths when removing addon
...
- This handles a rare case where absolute addon file paths were saved to the hook table
2024-05-10 20:34:47 -04:00
Hypolite Petovan
a6cb3ed903
Escape output of PermissionTooltip module
...
- Create AclReceivers and AddressedReceivers entities to collect contact names
- Create privacy/permission_tooltip.tpl to escape contact names
- Move PermissionTooltip module to Privacy namespace
- Thanks to @apexrabbit for the report!
2024-05-10 11:25:59 -04:00
Hypolite Petovan
c19a68dc64
Remove DI dependency from PermissionTooltip module
...
- Update PHPDoc of APContact::getByURL
2024-05-10 11:25:27 -04:00
Michael
afff2b949f
Improved user agent string
2024-05-10 09:01:43 +00:00
Tobias Diekershoff
0ae91b59ca
Merge pull request #14136 from annando/issue-14134
...
Issue 14134: Allow reshare posts from Bluesky and Tumblr
2024-05-10 08:04:33 +02:00
Michael
e7b861388d
Issue 14132: Title for videos
2024-05-10 05:42:45 +00:00
Michael
55fb52299d
Issue 14134: Allow reshare posts from Bluesky and Tumblr
2024-05-10 04:55:57 +00:00
Hypolite Petovan
b1b2e9bd11
Rework reports query in Moderation\Reports module class
...
- References to non-existent fields removed
- Added computed rules field
- Patch originally submitted by @TheTomcat14
2024-04-24 22:43:59 -04:00
Michael
984a972e72
API: Access channels and groups via lists
2024-04-19 21:42:34 +00:00
Michael
2776411c6c
"self::" should be "$this->" on non static functions
2024-04-18 05:18:44 +00:00
Michael
c82a1ed467
Performance improvements when displaying local posts
2024-04-17 19:16:47 +00:00
Michael
652802f758
Enable user defined channels upon adding/editing
2024-04-15 20:20:42 +00:00
Michael
9cf8678323
Unused function removed
2024-04-15 19:06:12 +00:00
Michael
0e79b5373b
The legacy proxy functionality is removed
2024-04-15 18:58:02 +00:00
Michael
b351819986
Fix: Undefined array key "allow_cid"
2024-04-15 03:25:06 +00:00
Michael
642c55ee3e
Fix: "Undefined property: stdClass::$personal"
2024-04-15 03:24:38 +00:00
Hypolite Petovan
49a0b0fc3c
Merge pull request #14090 from annando/bbcode
...
The BBCode conversion is split into several smaller functions
2024-04-14 21:59:46 -04:00
Michael
38da9013ff
The BBCode conversion is split into several smaller functions
2024-04-14 07:45:56 +00:00
Hypolite Petovan
ed01b0f409
Merge pull request #14075 from mexon/mat/empty-picture-scale
...
round scaled dimensions up to avoid zero size
2024-04-13 18:30:44 -04:00
Matthew Exon
c5b8abcaf0
round scaled dimensions up to avoid zero size
2024-04-13 21:50:17 +02:00
Michael
45b30825f0
Isolate the link conversion into a dedicated function
2024-04-11 22:10:30 +00:00
Michael
7dc5622dca
Issue #14079 : Shorten the displayed URL
2024-04-11 04:37:42 +00:00
Michael
a440619769
Prevent concurring ping requests
2024-04-10 22:25:14 +00:00
Tobias Diekershoff
9626a76b18
Merge pull request #14083 from annando/issue-13812
...
Issue 13812: Public groups with manual request approval
2024-04-09 18:46:44 +02:00
Michael
69fc2c04e4
Issue 13812: Public groups with manual request approval
2024-04-08 07:58:45 +00:00
Michael
d7e8ee51ae
Use similar values for generator and system actor
2024-04-08 06:33:03 +00:00
Tobias Diekershoff
02d8cc2f71
Merge pull request #14076 from annando/follow-vcard
...
Don't display the "follow/unfollow" vcard-link on pages meant for follow/unfollow
2024-04-08 07:35:16 +02:00
Michael
8b75aab4ad
Don't display the "follow/unfollow" vcard-link on pages meant for follow/unfollow
2024-04-07 21:30:39 +00:00
Michael
a2da42640c
Issue 14055: Set link to group server for group posts
2024-04-07 15:46:55 +00:00
Michael
78dc61b59e
Fallback mechanism for missing IDN functions
2024-04-06 11:26:12 +00:00
Michael
b40687081e
The data for the language display is now fetched on demand
2024-04-05 10:29:27 +00:00
Michael
50b1de5959
Menu option to display the search text
2024-04-05 07:35:21 +00:00
Michael
0d4f956fba
Avoid exception "Unable to retrieve the host in URL" in the search
2024-04-03 07:51:02 +00:00
Michael
626ab7cb54
Don't set posts to seen on channel ping
2024-04-02 21:31:57 +00:00
Éibhear Ó hAnluain
1d86146f64
Show next_try only for the deferred worker job.
2024-03-29 20:27:10 +00:00
Éibhear Ó hAnluain
751ffe6bc6
Add the next_try field to the worker job queue list
2024-03-29 20:27:10 +00:00
Michael
0fde21ff28
Improvements for channel counter
2024-03-27 11:12:44 +00:00
Michael
f537d7a64f
Simplified admin frontend for features
2024-03-25 21:55:42 +00:00
Michael
67e0b6357e
The visibility of network widgets can now be locked
2024-03-25 08:00:46 +00:00
Michael
200cf29a8d
Configuration for widgets
2024-03-25 07:38:36 +00:00
Michael Vogel
f78b0e7c51
Merge pull request #14037 from MrPetovan/bug/warnings
...
Add expected field 'uri-id' in Mastodon\Statuses\Bookmark
2024-03-24 20:57:20 +01:00
Hypolite Petovan
b21604a720
Merge pull request #14038 from annando/feature-constants
...
Constants for features
2024-03-24 19:37:39 +00:00
Hypolite Petovan
c67225c62d
Add expected field 'uri-id' in Mastodon\Statuses\Bookmark
...
- Address https://github.com/friendica/friendica/issues/14026#issuecomment-2016469896
2024-03-24 15:30:44 -04:00
Michael
c041c65c1d
Comstants for features
2024-03-24 14:48:23 +00:00
Hypolite Petovan
e293de04f5
Add '$VERSION' template variable to make Friendica version available in templates
...
- constant() Smarty function is deprecated
- Remove unused site-wide template variable '$APP'
- Address https://github.com/friendica/friendica/issues/14027#issuecomment-2016469408
2024-03-24 09:20:58 -04:00
Hypolite Petovan
b4d71f1855
Remove duplicated '$baseurl' template variable declarations
...
- This variable is declared for all templates in Renderer
2024-03-24 09:11:46 -04:00
Tobias Diekershoff
d824bb536f
Merge pull request #14032 from annando/quoted-posts
...
Implementation of FEP-e232 for quoted posts
2024-03-24 07:59:53 +01:00
Michael
b72e32a842
Add a link to the post if "no preview" is selected
2024-03-24 06:46:48 +00:00
Michael
b39c48fb02
Implementation of FEP-e232 for quoted posts
2024-03-24 06:05:37 +00:00
Michael
618a3153ab
Issue 13910: Display the unseen counter based on the channel
2024-03-23 17:17:56 +00:00
Michael
4b695e361c
Automatically close the registration when the admin is inactive
2024-03-22 04:19:40 +00:00
Michael
325932dc5a
Internal support for Bluesky tokens
2024-03-21 21:33:12 +00:00
Michael
7a0c5d141e
Issue 13714: Support for "commentsEnabled" and "capabilities"
2024-03-21 17:11:20 +00:00
Michael
3d267c7b8f
Possibility to mark contacts as "channel only"
2024-03-21 13:20:52 +00:00
Michael
3b419cae1e
Issue 13787: Filter in circles editor by contact relation
2024-03-21 12:58:54 +00:00
Hypolite Petovan
56f3743e75
Merge pull request #14021 from annando/worker-idletime
...
Execute a worker task when there hadn't one for some seconds
2024-03-21 12:41:20 +00:00
Michael
aff45278e1
Execute a worker task when there hadn't one for some seconds
2024-03-21 09:10:07 +00:00
Michael
11a16589da
Improved Content-Type check on incoming requests
2024-03-21 09:02:25 +00:00
Tobias Diekershoff
c5936bb51e
bump version to 2024.06-dev
2024-03-21 08:09:16 +01:00
Tobias Diekershoff
f13c5dcbaf
bump version to 2024.03
2024-03-21 08:01:47 +01:00
Hypolite Petovan
7331e44a1c
Merge pull request #14006 from annando/accounttype
...
Fix accounttype/nosharer url
2024-03-16 17:19:55 +00:00
Michael
1ffdb19c8e
Fix accounttype/nosharer url
2024-03-16 16:44:25 +00:00
Michael
a9b78d1974
Merge remote-tracking branch 'upstream/2024.03-rc' into relais-update
2024-03-16 08:35:56 +00:00
Michael Vogel
e6c23e69cc
Apply suggestions from code review
...
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2024-03-16 09:19:57 +01:00
Hypolite Petovan
c81a47c764
Merge pull request #14004 from annando/warning
...
Fix "Undefined variable $success"
2024-03-16 08:15:42 +00:00
Michael
28363a5416
Fix "Undefined variable $success"
2024-03-16 07:58:51 +00:00
Michael
f1be6d5181
Issue 14001: Fix "Incorrect integer value"
2024-03-16 07:53:12 +00:00
Michael
b75fdbbd32
Fix handling of relais contact updates
2024-03-16 05:30:21 +00:00
Tobias Diekershoff
b8396daca2
Merge pull request #13998 from annando/probe-hide
...
Fix: "unsearchable" is now stored
2024-03-15 07:24:13 +01:00
Michael
eaddf5318a
Fix: "unsearchable" is now stored
2024-03-15 06:07:47 +00:00
Tobias Diekershoff
49b79d0457
Merge pull request #13993 from annando/statistics
...
Systems added to the federation statistics
2024-03-14 07:35:23 +01:00
Michael
8ce1797480
Systems added to the federation statistics
2024-03-14 04:33:19 +00:00
Hypolite Petovan
aac5d41fd6
Escape HTML characters in profile RSS titles
...
Thanks to @r1pu5u for the tip left through the `security.txt` contact address!
2024-03-12 20:42:00 +00:00
Hypolite Petovan
57187f26ae
Merge pull request #13978 from annando/issue-13972
...
Default behaviour for adding media types
2024-03-12 20:06:24 +00:00
Hypolite Petovan
7446048d5d
Merge pull request #13987 from annando/api-issues
...
Fixes API-Issues #13985 and #13986
2024-03-12 19:33:42 +00:00
Michael
fda832cd83
"network/group" fragments are removed
2024-03-12 08:02:00 +00:00
Michael
30f31828ae
Fixes API-Issues #13985 and #13986
2024-03-12 03:12:36 +00:00
Michael
3b024450ff
Fix notice when sending private messages
2024-03-10 18:55:58 +00:00
Tobias Diekershoff
e22ef85386
Merge pull request #13982 from annando/no-unknown-media
...
Fix: Don't attach unknown media
2024-03-10 14:28:14 +01:00
Michael
76d469675e
Fix: Don't attach unknown media to posts
2024-03-10 10:14:54 +00:00
Michael
3496d3948a
Fix: Subject for private messages from Friendica systems
2024-03-09 22:32:38 +00:00
Michael
00b325d521
Default behaviour for adding media types
2024-03-09 15:45:38 +00:00
Michael
a1427a52b3
Don't offer the invalid content type
2024-03-09 10:46:53 +00:00
Michael
40a47b076d
Don't retry when fetching invalid content
2024-03-09 10:37:43 +00:00
Michael
d9bedbb473
Centralized logging for a wrong JSON content-type
2024-03-08 13:48:21 +00:00
Michael
5f0657a30c
Don't show the body in the log
2024-03-07 22:29:04 +00:00
Michael
435b30be11
Check for the content type before fetching the content
2024-03-07 22:16:52 +00:00
Michael
67696d08da
Set default value for max video height
2024-03-07 14:22:40 +00:00
Michael
68c2bdb98e
Change the last activity for delegation parents and siblings as well
2024-03-07 06:12:36 +00:00
Hypolite Petovan
111df607bc
Don't call mb_strlen() on $body if it isn't set in Model\Post\Counts
...
- Address https://github.com/friendica/friendica/issues/13761#issuecomment-1978354153
2024-03-06 12:01:25 -05:00
Michael
24e7556f85
Transmit the user avatar path
2024-03-06 03:25:04 +00:00
Michael
8cc7bad1ea
Issue 13939: Fix avatars for Diaspora
2024-03-06 03:00:09 +00:00
Michael
31b92b16ed
Reduce the height of portrait videos
2024-03-05 21:25:00 +00:00
Michael
ba07172a65
Compare with the utc value
2024-03-05 14:24:40 +00:00
Michael
72e045e744
Improved assigning of "last-activity" and "login_date"
2024-03-05 14:06:26 +00:00
Michael
52cc8ab73b
Issue 13765: Fixed creation of self user contact for approval
2024-03-04 07:30:04 +00:00
Hypolite Petovan
ea4e66c74c
Merge pull request #13957 from annando/issue-13940
...
Issue 13940: handle posts that can't be found in contexts
2024-03-03 13:42:00 -05:00
Michael
7471513269
Issue 13940: handle posts that can't be found in contexts
2024-03-03 18:32:26 +00:00
Michael
ae37c44cc0
Oembed: Some more cleanup
2024-03-03 18:06:25 +00:00
Michael
bae7644d6f
Issue 13955: Check for publish date upon receival
2024-03-02 19:21:14 +00:00
Michael Vogel
89ffe6875f
Merge pull request #13942 from MrPetovan/bug/fix-api-fixture
...
Fix API fixture data
2024-03-02 05:48:19 +01:00
Michael
5df1ead001
Issue 13953: Fix warning during postupdate
2024-03-01 08:41:12 +00:00
Michael
dd55ba2d77
Issue 13949: Block access via OAuth
2024-02-29 22:03:57 +00:00
Hypolite Petovan
c9f7d9baff
Merge pull request #13946 from annando/issue-13819
...
Issue 13819: Ensure to not use OEmbed if not wanted
2024-02-29 07:54:43 -05:00
Michael
40e882004e
Use the exact embed URLs
2024-02-29 07:40:36 +00:00
Michael
e394a6b0fa
Issue 13819: Ensure to not use OEmbed if not wanted
2024-02-29 07:37:58 +00:00
Michael
8cf82a8449
Exceptions and warnings fixed
2024-02-29 04:40:04 +00:00
Hypolite Petovan
d37699bc08
Throw Not Found exception when $uid doesn't exist in Factory\Api\Twitter\User->createFromUserId
...
- Contact::getPublicIdByUserId() wrongly returns 0 when $uid doesn't exist, which is an existing albeit invalid record.
2024-02-27 08:41:51 -05:00
Michael
ddc9f5f595
Image handling: separate between outout and input type, use Imagick on PNG
2024-02-25 08:52:52 +00:00
Michael
e52fa44d3f
Round the load to two digits
2024-02-24 17:37:30 +00:00
Hypolite Petovan
f74d6f9ebb
Merge pull request #13932 from annando/oembed-cleanup
...
Unused OEmbed functionality is removed
2024-02-24 11:03:48 -05:00
Michael
b572b8989f
Use media link instead of proxy for pictures
2024-02-24 15:11:27 +00:00
Michael
5800a973cb
Fixed positive list
2024-02-24 13:56:12 +00:00
Michael Vogel
44ce5471b3
Onepoll: Prevent errors with invalid mails ( #13934 )
2024-02-24 13:18:44 +01:00
Michael
20fd25258a
Accidentally changes are reverted
2024-02-24 11:35:32 +00:00
Michael
00bb538fd0
Merge branch '2024.03-rc' of https://github.com/friendica/friendica into 2024.03-rc
2024-02-24 11:01:44 +00:00
Michael
12bdbaaba8
OEmbed: Complete cleanup
2024-02-24 11:01:34 +00:00
Michael
821a135033
Unused OEmbed functionality is removed
2024-02-24 10:58:18 +00:00
Hypolite Petovan
0a73050de1
Increase API photo preview size for Mastodon API to 640
2024-02-23 22:41:21 -05:00
Hypolite Petovan
a25dbf839a
Remove photo user id fallback from 2021
...
- Remove deprecated /photos/{nickname} fallback routes
- The contact id fallback is a lie, there's no replacement feature
2024-02-23 22:41:18 -05:00
Hypolite Petovan
e16b6ee6e1
Check form security token in /settings/userexport module ( #13929 )
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed to share an event as any other user after zeroing the cid field of an existing event
* Check form security token in /settings/userexport module
- Prevents basic XSS attacks against /settings/userexport/*
2024-02-22 21:08:32 +01:00
Hypolite Petovan
5c5d7eb04f
Fix several vulnerabilities ( #13927 )
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael Vogel
71384e6f39
Issue 13909: Filter channels by network ( #13924 )
2024-02-20 07:11:26 +01:00
Michael Vogel
d95c9d28a8
Issue 13922: "voted" must not be null ( #13923 )
2024-02-20 07:09:55 +01:00
Hypolite Petovan
bb7d25dfc9
Merge pull request #13921 from annando/content-type
...
Check for activity pub mime types
2024-02-19 05:57:47 -05:00
Michael Vogel
d5c0f086bd
Disallow mail addresses for registration ( #13920 )
...
* Disallow mail addresses for registration
* Order for allow/disallow has been changed
2024-02-19 09:33:20 +01:00
Michael
892e0a5623
Check for activity pub mime types
2024-02-19 07:11:56 +00:00
Michael Vogel
cb294cf411
Avoid problems with an empty domain in the blocklist ( #13919 )
...
* Avoid problems with an empty domain in the blocklist
* Test code removed
2024-02-19 07:22:19 +01:00
Hypolite Petovan
623a5be8a6
Clarify condition on offset in Mastodon\Search->searchStatuses
2024-02-18 18:48:37 -05:00
Hypolite Petovan
d1cd9a016e
Move Api\Mastodon\Instance\Extended to ExtendedDescription
...
- Add reference to Mastodon documentation
2024-02-18 18:47:59 -05:00
Michael Vogel
7d5d3b3c29
Issue 13293: Endpoint /api/v1/accounts/lookup implemented ( #13917 )
2024-02-18 20:17:06 +01:00
Michael Vogel
bcec6c5ab2
Issue #13899 : Fix error on postupdate ( #13915 )
2024-02-18 20:09:56 +01:00
Michael Vogel
6384265cbd
Issue #13823 : Fix "Mutes" endpoint ( #13916 )
2024-02-18 20:07:51 +01:00
Michael Vogel
f12276eff8
New channel "quiet sharers" for posts from lesser frequent posters ( #13913 )
2024-02-18 15:54:21 +01:00
Michael Vogel
c6160a1c38
Fix API issues #13887 , #13886 , #13863 , #13809 , #13897 ( #13911 )
2024-02-18 15:52:30 +01:00
Michael Vogel
07c20da08f
Issue 13905: ostatus context added ( #13912 )
2024-02-18 15:46:41 +01:00
Michael Vogel
4eefd0a205
Merge pull request #13908 from MrPetovan/bug/warnings
...
Avoid passing null bytes in regular expression in Object\Image
2024-02-18 05:33:41 +01:00
Hypolite Petovan
1956c2ecfd
Avoid passing null bytes in regular expression in Object\Image
...
- Remove capturing expression for A|B in favor of bracket syntax in regular expression since matches aren't used.
- Regular expressions have their own character escape notation including backslashes that need to be escaped in a PHP string.
- Actually address https://github.com/friendica/friendica/issues/13761#issuecomment-1949930922
2024-02-17 22:27:37 -05:00