Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-01-10 17:24:43 +00:00
Code Issues Projects Releases Packages Wiki Activity
39696 commits 2 branches 67 tags 247 MiB
Commit graph

28 commits

Author SHA1 Message Date
Tobias Diekershoff
30a5ef33b0 REUSE src directory 2024-08-24 15:27:00 +02:00
Michael
69b1958483 Fix " Call to undefined method Friendica\App::getLoggedInUserNickname" 2024-05-15 06:15:50 +00:00
Michael
60f5fd8188 Many deprecated function calls are replaced 2024-05-13 21:37:15 +00:00
Michael
c041c65c1d Comstants for features 2024-03-24 14:48:23 +00:00
Hypolite Petovan
5c5d7eb04f
Fix several vulnerabilities (#13927) 
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event
 2024-02-22 06:53:52 +01:00
Michael
89e7420237 Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Hypolite Petovan
81279dad9e Move System::jsonExit to BaseModule->jsonExit 
- This will ensure headers set in BaseModule->run will be carried in jsonExit scenarios
- Deprecate jsonExit() method in Core\System
 2023-09-24 07:08:15 -04:00
Hypolite Petovan
da1416c07f Move System::httpExit to BaseModule->httpExit 
- This will ensure headers set in BaseModule->run will be carried in httpExit scenarios
- Deprecate httpExit() method in Core\System
 2023-09-24 07:08:15 -04:00
Hypolite Petovan
4f7740264e Replace "group" with "circle" in the rest of the code 
- Remaining mentions already mean "forum"
 2023-05-27 22:01:45 -04:00
Hypolite Petovan
323765110c Enable calendar export for public_calendar = true 2023-01-14 10:39:18 -05:00
Hypolite Petovan
1874a32728 Happy New Year 2023! 2023-01-01 09:36:24 -05:00
Michael
9115ec5f0d Adjust class references to the new location 2022-12-30 21:20:28 +00:00
Hypolite Petovan
777afb45fc Apply calendar owner custom theme 2022-12-15 23:14:45 -05:00
Hypolite Petovan
a0752b1161 Escape HTML in event mapping callback 
- This prevents arbitrary Javascript from being executed from the calendar view
 2022-12-04 06:37:37 -05:00
Hypolite Petovan
2f42606c43 Add information about BBCode availability in event fields 2022-12-04 06:37:37 -05:00
Hypolite Petovan
349436a77a Fix event start time not being properly converted to UTC 
- This was triggering unexpected time comparison errors
 2022-12-04 06:37:36 -05:00
Hypolite Petovan
1b71b963d7 Fix description not being populated in event form when there's a validation error 2022-12-04 06:37:36 -05:00
Hypolite Petovan
84b2a35e05 Add new public_calendar additional feature 
- This gives anonymous access to public events
 2022-12-01 08:06:07 -05:00
Hypolite Petovan
b83526ad0b Tighten profile restriction feature 
- Prevent feed access to restricted profiles
- Rework display of restricted profiles with a redirect to the profile/restricted route
- Normalize permission checking with IHandleUserSession->isAuthenticated
- Remove unusable "nocache" parameter in feed module because session isn't initialized
- Reword setting name and description
 2022-12-01 08:03:35 -05:00
Hypolite Petovan
0d53c69610 Remove unused theme info value "events_in_profile" 
All public events (event if they are ownded by other users) are visible
 2022-12-01 08:03:34 -05:00
Philipp
bb97776dfb
The last PHPCS error .. 2022-11-07 20:35:07 +01:00
Philipp
d524f55e3e
Reduce error-throws :-) 2022-11-07 20:34:05 +01:00
Philipp
a81708091f
Make PHPCS happy 2022-11-07 20:32:55 +01:00
Philipp
2da2ac6826
make PHP CS happy? 2022-11-07 20:28:08 +01:00
Philipp
78a8ed6fe7
adhere feedback 2022-11-07 20:21:11 +01:00
Philipp
f13c91b320
Move mod/cal.php and mod/events.php to Module 2022-11-07 19:52:24 +01:00
Philipp
89fde911f9
Fix possible security issue 2022-11-07 19:52:13 +01:00
Philipp
7c4a7bff2e
Move new events routes to calendar routes 2022-11-02 15:16:24 +01:00