1
1
Fork 0
Commit graph

28404 commits

Author SHA1 Message Date
Michael Vogel
b922d7ae28
Merge pull request #9169 from MrPetovan/bug/9163-double-location
Prevent double location display in vcard
2020-09-09 07:48:33 +02:00
89f75406fa added Roger Meyer to the credits 2020-09-09 07:43:41 +02:00
b248470376 Show "retweet" icon 2020-09-09 05:35:04 +00:00
6ad75f5b41 Remove over-specific location fields from vcard in favor of "location" 2020-09-09 01:21:56 -04:00
206caaf51a Reshared data now is a link 2020-09-09 04:49:42 +00:00
42dcd6646e Issue 9135: Display only reshared posts at the top 2020-09-08 22:06:10 +00:00
fb7f7435c0 Merge branch 'bug/phpinfo-accessible-hotfix' into 2020.09-rc
# Conflicts:
#	src/Module/Admin/DBSync.php
#	src/Module/Admin/Logs/Settings.php
#	src/Module/Admin/Themes/Details.php
#	src/Module/Admin/Themes/Embed.php
2020-09-08 14:07:46 -04:00
ee8689cc89 Merge branch 'bug/phpinfo-accessible-hotfix' into develop
# Conflicts:
#	src/Module/Admin/DBSync.php
#	src/Module/Admin/Logs/Settings.php
#	src/Module/Admin/Themes/Details.php
#	src/Module/Admin/Themes/Embed.php
2020-09-08 14:06:14 -04:00
7679ff15d5 Version 2020.07-1 2020-09-08 20:01:12 +02:00
717121c1a6 update CREDITS and CHANGELOG for the 2020.07-1 hotfix release 2020-09-08 20:00:56 +02:00
fb721f8e30
Merge pull request #9166 from MrPetovan/bug/phpinfo-accessible-hotfix
[Hotfix] Fix security vulnerability in admin modules
2020-09-08 19:56:26 +02:00
3efa8648c5 Fix security vulnerability in admin modules
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
2020-09-08 12:27:43 -04:00
9bc2c5a52e Normalize use of form security tokens in Admin modules
# Conflicts:
#	src/Module/Admin/Logs/Settings.php
2020-09-08 12:27:36 -04:00
2ce15cae1a Use router parameters in Admin modules
- Remove 10 @TODO tags

# Conflicts:
#	src/Module/Admin/DBSync.php
#	src/Module/Admin/Themes/Details.php
#	src/Module/Admin/Themes/Embed.php
2020-09-08 12:27:15 -04:00
d15f522752
Merge pull request #9143 from annando/api-count
API: Counts added, local query improved
2020-09-08 11:14:00 -04:00
Michael Vogel
8126947b90
Merge pull request #9160 from MrPetovan/bug/9138-escape-field-input
Add HTML escaping to field_input value
2020-09-08 04:00:36 +02:00
Michael Vogel
065ab017c7
Merge pull request #9161 from MrPetovan/bug/9140-private-note-self-only
Add a self-only ACL block to personal notes jot
2020-09-08 03:57:11 +02:00
Michael Vogel
9c5be32046
Merge pull request #9162 from MrPetovan/bug/8885-permissions-capitalization
[frio] Update capitalization of "Permissions" translation string
2020-09-08 03:50:58 +02:00
e45ccea0f2 Tabs instead of spaces 2020-09-08 01:45:59 +00:00
24f1bb4ea1 Class file renamed 2020-09-08 01:44:49 +00:00
Michael Vogel
2bb725fa30
Apply suggestions from code review
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2020-09-08 03:39:51 +02:00
6251feface Regenerate base messages.po after translation string change 2020-09-07 21:25:26 -04:00
f1e36eac7d Update capitalization of "Permissions" translation string 2020-09-07 21:25:04 -04:00
ef01fb7b21
Merge pull request #9159 from mpanhans/patch-1
Update Forums.md
2020-09-07 19:35:56 -04:00
mpanhans
f8e8c23c0c
Update Forums.md 2020-09-07 19:32:15 -04:00
5730da264b Add a self-only ACL block to personal notes jot 2020-09-07 19:27:51 -04:00
5f5b97dad6 Create self-only ACL template and helper method 2020-09-07 19:27:32 -04:00
c4267bbca0 Remove unused jot.tpl template variables 2020-09-07 19:27:23 -04:00
aa7eb75e62 Add HTML escaping to field_input value
- Quotes weren't rendering in pre-populated fields
2020-09-07 18:53:04 -04:00
mpanhans
5eb2e3edfb
Update Forums.md
Update Forums help documentation to include the implemented front-end for page delegation.
2020-09-07 16:56:58 -04:00
59374eb6c6 Use "StatusCounts" class 2020-09-07 18:24:11 +00:00
0f2bd07b28 ypot 2020-09-07 19:18:31 +02:00
046ae6e978 some small additions and clarifications 2020-09-07 18:25:56 +02:00
dcac7f0a78
Merge pull request #9157 from tobiasd/20200907-9155lighttpd
lighttpd follow up of #9155
2020-09-07 11:55:19 -04:00
Michael Vogel
169a83b30e
Merge pull request #9158 from tobiasd/20200907-IT
IT translations THX Sylke Vicious
2020-09-07 16:57:21 +02:00
1bca280eae StdClass instead of arrays 2020-09-07 14:34:05 +00:00
07ccfb212b Merge remote-tracking branch 'upstream/2020.09-rc' into api-count 2020-09-07 14:29:02 +00:00
1c5a0fc308 IT translations THX Sylke Vicious 2020-09-07 16:26:03 +02:00
3df8439b98 lighttpd follow up of #9155 2020-09-07 14:37:24 +02:00
2f168d17f4
Merge pull request #9155 from MrPetovan/bug/9154-forbid-bin
Forbid non-CLI access to command-line scripts
2020-09-07 13:01:10 +02:00
6728b518ab
Merge pull request #9156 from annando/issue-9153
Issue 9153 Use "info" instead of "notice" on successful operations
2020-09-07 12:57:10 +02:00
f56e765158 Issue 9153 Use "info" instead of "notice" on successful operations 2020-09-07 10:17:42 +00:00
ae045eff41 Update nginx sample config with location deny for bin/ folder 2020-09-07 05:51:58 -04:00
06632536f3 Forbid non-CLI access to command-line scripts 2020-09-07 05:51:26 -04:00
3bd8b81154 Prevents Apache from serving CLI scripts 2020-09-07 05:43:20 -04:00
b530ef709d
Merge pull request #9147 from annando/Issue-8882
Issue 8882: Fixes permissions of pinned posts
2020-09-07 03:14:25 -04:00
f997b36085
Merge pull request #9152 from annando/fix-notifications
Fix notifications for wrong users
2020-09-07 07:19:10 +02:00
90315e3434 Don't perform actions on empty conditions 2020-09-07 05:00:17 +00:00
2a0635185a Fix notifications for wrong users 2020-09-07 04:36:28 +00:00
4852458645 Simplify the code / check number of parameters in mergeConditions 2020-09-06 20:28:08 +00:00