Hypolite Petovan
fb7f7435c0
Merge branch 'bug/phpinfo-accessible-hotfix' into 2020.09-rc
...
# Conflicts:
# src/Module/Admin/DBSync.php
# src/Module/Admin/Logs/Settings.php
# src/Module/Admin/Themes/Details.php
# src/Module/Admin/Themes/Embed.php
2020-09-08 14:07:46 -04:00
Hypolite Petovan
ee8689cc89
Merge branch 'bug/phpinfo-accessible-hotfix' into develop
...
# Conflicts:
# src/Module/Admin/DBSync.php
# src/Module/Admin/Logs/Settings.php
# src/Module/Admin/Themes/Details.php
# src/Module/Admin/Themes/Embed.php
2020-09-08 14:06:14 -04:00
Tobias Diekershoff
7679ff15d5
Version 2020.07-1
2020-09-08 20:01:12 +02:00
Tobias Diekershoff
717121c1a6
update CREDITS and CHANGELOG for the 2020.07-1 hotfix release
2020-09-08 20:00:56 +02:00
Tobias Diekershoff
fb721f8e30
Merge pull request #9166 from MrPetovan/bug/phpinfo-accessible-hotfix
...
[Hotfix] Fix security vulnerability in admin modules
2020-09-08 19:56:26 +02:00
Hypolite Petovan
3efa8648c5
Fix security vulnerability in admin modules
...
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
2020-09-08 12:27:43 -04:00
Hypolite Petovan
9bc2c5a52e
Normalize use of form security tokens in Admin modules
...
# Conflicts:
# src/Module/Admin/Logs/Settings.php
2020-09-08 12:27:36 -04:00
Hypolite Petovan
2ce15cae1a
Use router parameters in Admin modules
...
- Remove 10 @TODO tags
# Conflicts:
# src/Module/Admin/DBSync.php
# src/Module/Admin/Themes/Details.php
# src/Module/Admin/Themes/Embed.php
2020-09-08 12:27:15 -04:00
Hypolite Petovan
d15f522752
Merge pull request #9143 from annando/api-count
...
API: Counts added, local query improved
2020-09-08 11:14:00 -04:00
Michael Vogel
8126947b90
Merge pull request #9160 from MrPetovan/bug/9138-escape-field-input
...
Add HTML escaping to field_input value
2020-09-08 04:00:36 +02:00
Michael Vogel
065ab017c7
Merge pull request #9161 from MrPetovan/bug/9140-private-note-self-only
...
Add a self-only ACL block to personal notes jot
2020-09-08 03:57:11 +02:00
Michael Vogel
9c5be32046
Merge pull request #9162 from MrPetovan/bug/8885-permissions-capitalization
...
[frio] Update capitalization of "Permissions" translation string
2020-09-08 03:50:58 +02:00
Michael
e45ccea0f2
Tabs instead of spaces
2020-09-08 01:45:59 +00:00
Michael
24f1bb4ea1
Class file renamed
2020-09-08 01:44:49 +00:00
Michael Vogel
2bb725fa30
Apply suggestions from code review
...
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2020-09-08 03:39:51 +02:00
Hypolite Petovan
6251feface
Regenerate base messages.po after translation string change
2020-09-07 21:25:26 -04:00
Hypolite Petovan
f1e36eac7d
Update capitalization of "Permissions" translation string
2020-09-07 21:25:04 -04:00
Hypolite Petovan
ef01fb7b21
Merge pull request #9159 from mpanhans/patch-1
...
Update Forums.md
2020-09-07 19:35:56 -04:00
mpanhans
f8e8c23c0c
Update Forums.md
2020-09-07 19:32:15 -04:00
Hypolite Petovan
5730da264b
Add a self-only ACL block to personal notes jot
2020-09-07 19:27:51 -04:00
Hypolite Petovan
5f5b97dad6
Create self-only ACL template and helper method
2020-09-07 19:27:32 -04:00
Hypolite Petovan
c4267bbca0
Remove unused jot.tpl template variables
2020-09-07 19:27:23 -04:00
Hypolite Petovan
aa7eb75e62
Add HTML escaping to field_input value
...
- Quotes weren't rendering in pre-populated fields
2020-09-07 18:53:04 -04:00
mpanhans
5eb2e3edfb
Update Forums.md
...
Update Forums help documentation to include the implemented front-end for page delegation.
2020-09-07 16:56:58 -04:00
Michael
59374eb6c6
Use "StatusCounts" class
2020-09-07 18:24:11 +00:00
Tobias Diekershoff
0f2bd07b28
ypot
2020-09-07 19:18:31 +02:00
Tobias Diekershoff
046ae6e978
some small additions and clarifications
2020-09-07 18:25:56 +02:00
Hypolite Petovan
dcac7f0a78
Merge pull request #9157 from tobiasd/20200907-9155lighttpd
...
lighttpd follow up of #9155
2020-09-07 11:55:19 -04:00
Michael Vogel
169a83b30e
Merge pull request #9158 from tobiasd/20200907-IT
...
IT translations THX Sylke Vicious
2020-09-07 16:57:21 +02:00
Michael
1bca280eae
StdClass instead of arrays
2020-09-07 14:34:05 +00:00
Michael
07ccfb212b
Merge remote-tracking branch 'upstream/2020.09-rc' into api-count
2020-09-07 14:29:02 +00:00
Tobias Diekershoff
1c5a0fc308
IT translations THX Sylke Vicious
2020-09-07 16:26:03 +02:00
Tobias Diekershoff
3df8439b98
lighttpd follow up of #9155
2020-09-07 14:37:24 +02:00
Tobias Diekershoff
2f168d17f4
Merge pull request #9155 from MrPetovan/bug/9154-forbid-bin
...
Forbid non-CLI access to command-line scripts
2020-09-07 13:01:10 +02:00
Tobias Diekershoff
6728b518ab
Merge pull request #9156 from annando/issue-9153
...
Issue 9153 Use "info" instead of "notice" on successful operations
2020-09-07 12:57:10 +02:00
Michael
f56e765158
Issue 9153 Use "info" instead of "notice" on successful operations
2020-09-07 10:17:42 +00:00
Hypolite Petovan
ae045eff41
Update nginx sample config with location deny for bin/ folder
2020-09-07 05:51:58 -04:00
Hypolite Petovan
06632536f3
Forbid non-CLI access to command-line scripts
2020-09-07 05:51:26 -04:00
Hypolite Petovan
3bd8b81154
Prevents Apache from serving CLI scripts
2020-09-07 05:43:20 -04:00
Hypolite Petovan
b530ef709d
Merge pull request #9147 from annando/Issue-8882
...
Issue 8882: Fixes permissions of pinned posts
2020-09-07 03:14:25 -04:00
Tobias Diekershoff
f997b36085
Merge pull request #9152 from annando/fix-notifications
...
Fix notifications for wrong users
2020-09-07 07:19:10 +02:00
Michael
90315e3434
Don't perform actions on empty conditions
2020-09-07 05:00:17 +00:00
Michael
2a0635185a
Fix notifications for wrong users
2020-09-07 04:36:28 +00:00
Michael
4852458645
Simplify the code / check number of parameters in mergeConditions
2020-09-06 20:28:08 +00:00
Hypolite Petovan
e92904c3f3
Merge pull request #9149 from annando/issue-9099
...
Issue 9099: Improve mentions from non followers
2020-09-06 16:16:20 -04:00
Michael
0684922ec2
Use array_unique
2020-09-06 20:09:29 +00:00
Michael
d332272d55
Issue 9099: Improve mentions from non followers
2020-09-06 19:22:53 +00:00
Tobias Diekershoff
ee13d074e0
Merge pull request #9148 from annando/issue-9142
...
Issue 9142: Make the message ID look more like a message ID
2020-09-06 20:26:06 +02:00
Michael
5b6ced9c6e
Issue 9142: Make the message ID look more like a message ID
2020-09-06 17:47:25 +00:00
Michael
8d0d6bcd0c
Issue 8882: Fixes permissions of pinned posts
2020-09-06 15:05:42 +00:00