Hypolite Petovan
e16b6ee6e1
Check form security token in /settings/userexport module (#13929)
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed sharing an event as any other user after zeroing the cid field of an existing event
* Check form security token in /settings/userexport module
- Prevents basic XSS attacks against /settings/userexport/*
2024-02-22 21:08:32 +01:00
Michael
89e7420237
Friendica copyright changed from 2023 to 2034
2024-01-02 20:57:26 +00:00
Hypolite Petovan
4f7740264e
Replace "group" with "circle" in the rest of the code
...
- Remaining mentions already mean "forum"
2023-05-27 22:01:45 -04:00
Hypolite Petovan
1874a32728
Happy New Year 2023!
2023-01-01 09:36:24 -05:00
Hypolite Petovan
eedde86a37
Remove superfluous property declaration in Settings\UserExport
...
- Address https://github.com/friendica/friendica/issues/11992#issuecomment-1312417007
2022-11-12 08:37:42 -05:00
Hypolite Petovan
dc2d96a502
Fix condition for follows export
...
- Select follows instead of followers
- Filter out archived contacts
2022-10-24 18:21:10 -04:00
Hypolite Petovan
142b399c84
Reformat Module\Settings\UserExport
...
- Import IHandleUserSessions and DbaDefinition object in constructor
- Convert remaining double quotes to single quotes
- Convert static methods to dynamic to use class properties
- Remove unused POST permission from route
2022-10-24 18:14:59 -04:00
Philipp
eecc456e0c
UserSession class [5] - Refactor src/Module/ files with DI
2022-10-20 22:59:39 +02:00
Michael
ae6d67ed1f
old boot.php functions replaced in src/module (3)
2022-10-19 09:14:24 -04:00
Michael
62a0d55fc8
The friendica constants have been moved to the app class
2022-10-17 10:37:48 +00:00
Philipp
a910fd8864
Split DBStructure & View to avoid DB-calls and dependencies for basic operations
...
- new "Definition" classes for DB and Views
- new "Writer" classes to create SQL definitions for DB and Views
- DBStructure & View are responsible to execute DB-queries
2022-07-12 23:40:31 +02:00
Michael
f6167b4cfd
New function to exit the program
2022-05-18 02:13:54 +00:00
Michael
4016a576d5
Log the execution time
2022-05-17 20:47:23 +00:00
Philipp
c588b280d7
Fix all license header & be less aggressive
2022-01-07 00:35:28 +01:00
Balázs Úr
e56a53647b
Update copyright
2022-01-02 08:27:47 +01:00
Philipp
8bdd90066f
Make BaseModule a real entity
...
- Add all dependencies, necessary to run the content (baseUrl, Arguments)
- Encapsulate all POST/GET/DELETE/PATCH/PUT methods as protected methods inside the BaseModule
- Return Module content ONLY per `BaseModule::run()` (including the Hook logic there as well)
2021-11-27 12:40:36 +01:00
Philipp
489cd0884a
Make BaseModule methods dynamic
2021-11-14 23:49:06 +01:00
Philipp
714f0febc4
Replace $parameters argument per method with static::$parameters
2021-11-14 23:49:05 +01:00
Michael
3972fe62fe
More replaced "q" calls
2021-10-08 04:10:45 +00:00
Michael
15b93b4459
"getUserNickname" is now "getLoggedInUserNickname"
2021-08-09 19:48:39 +00:00
Michael
b8fa75b2dd
Changed function name
2021-08-09 15:29:07 +00:00
Michael
9f01052dd2
Removed some more unused "use"
2021-08-08 20:03:28 +00:00
Michael
28090bd793
Get rid of App->user completely
2021-08-08 19:30:21 +00:00
Michael
fc283ab928
Remove direct calls to App->user
2021-08-08 10:14:56 +00:00
Hypolite Petovan
acbcc56754
Prevent settings/userexport from being used by anonymous users
...
- Add forbidden exceptions in module methods
- Add runtime exceptions in individual export methods
2021-04-01 19:29:21 -04:00
Balázs Úr
054c301ef0
Update copyright
2021-03-29 08:40:20 +02:00
Michael
8f27715d8b
"item" is replaced whenever possible at the moment
2021-02-06 13:42:21 +00:00
Michael
b892db0cf3
All item selects are now done by the post class
2021-01-19 07:23:01 +00:00
Michael
7ca7bf2b35
Simplified code in the uexport
2020-09-27 14:08:41 +00:00
Michael
845ab4b764
Prevent empty fields on contact export via CSV
2020-09-27 10:27:31 +00:00
Michael
4ba42bc06a
Issue 9281: User export now exports data
2020-09-27 10:24:15 +00:00
Hypolite Petovan
40d12b85c4
Loop on expected fields instead of existing fields in Settings\UserExport
...
- We don't delete fields, so there can be more fields in the database than in the DB structure
- Address https://github.com/friendica/friendica/issues/8877#issuecomment-663875895
2020-08-20 09:30:50 -04:00
nupplaPhil
85dc9bb96b
Add license info at Friendica PHP files
2020-02-09 16:18:46 +01:00
Hypolite Petovan
5670c19d5c
Move/rename base module classes
2020-01-29 23:23:07 -05:00
Hypolite Petovan
e8bf74914b
Update user import/export with profile fields
...
- Account for backward compatibility when exporting: add values for profile.is-default and profile.profile-name fields
- Account for forward compatibility when importing: migrate legacy profiles to custom profile fields
2020-01-22 19:42:37 -05:00
SpencerDub
2091ae0776
Fix "accout" typo
2020-01-21 22:22:45 -08:00
nupplaPhil
174129af94
add missing namespaces/fix wrong class-names
2020-01-19 16:31:35 +01:00
nupplaPhil
d6efc90194
cleanup namespace usages for L10n
2020-01-19 16:31:33 +01:00
nupplaPhil
5dfee31108
Move L10n::t() calls to DI::l10n()->t() calls
2020-01-19 16:31:16 +01:00
nupplaPhil
3f34229752
Move redundant System::baseUrl() to DI::baseUrl() calls
2019-12-30 23:00:08 +01:00
nupplaPhil
388b963714
Replace BaseObject class with DI::* calls
2019-12-29 20:17:38 +01:00
nupplaPhil
1de3f186d7
Introduce new DI container
...
- Adding Friendica\DI class for getting dynamic classes
- Replacing BaseObject::getApp() with this class
2019-12-29 20:16:55 +01:00
Michael
8c03bdada9
parameters now have a default value and are optional
2019-11-05 21:48:54 +00:00
Michael
bd62d548db
Added parameters
2019-11-05 20:22:54 +00:00
Michael
abe6724629
Added parameter to rawContent
2019-11-05 19:16:26 +00:00
Tobias Diekershoff
d3122c396e
really there is no App
2019-11-03 15:53:32 +01:00
Tobias Diekershoff
9b03e2a564
there was no App
2019-11-03 15:07:29 +01:00
Tobias Diekershoff
0c873a0548
mv q() to DBA::select()
2019-11-03 14:03:11 +01:00
Tobias Diekershoff
e5e87d546d
we only need one contact export, D* _only_ exports the entire profile
2019-11-03 12:59:14 +01:00
Tobias Diekershoff
955a84a266
added export and import of followed contacts to and from CSV files
2019-11-03 00:12:16 +01:00