Commit Graph

27 Commits

Author SHA1 Message Date
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael 89e7420237 Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Josh Soref 88e0725625 spelling: permission
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-03-26 16:14:16 -04:00
Hypolite Petovan 1874a32728 Happy New Year 2023! 2023-01-01 09:36:24 -05:00
Philipp Holzer d0b16b2fc1
Move mod/fbrowser to src\Modules\Attachment|Photos\Browser 2022-11-26 22:26:30 +01:00
Michael f6167b4cfd New function to exit the program 2022-05-18 02:13:54 +00:00
Michael 4016a576d5 Log the execution time 2022-05-17 20:47:23 +00:00
Balázs Úr e56a53647b Update copyright 2022-01-02 08:27:47 +01:00
Philipp Holzer 8bdd90066f
Make `BaseModule` a real entity
- Add all dependencies, necessary to run the content (baseUrl, Arguments)
- Encapsulate all POST/GET/DELETE/PATCH/PUT methods as protected methods inside the BaseModule
- Return Module content ONLY per `BaseModule::run()` (including the Hook logic there as well)
2021-11-27 12:40:36 +01:00
Philipp Holzer 5879535822
Switch `static::$parameters` to `$this->parameters` 2021-11-14 23:49:07 +01:00
Philipp Holzer 489cd0884a
Make BaseModule methods dynamic 2021-11-14 23:49:06 +01:00
Philipp Holzer 714f0febc4
Replace `$parameters` argument per method with `static::$parameters` 2021-11-14 23:49:05 +01:00
Michael f6faae5bb1 Replace deprecated `log` calls 2021-10-20 18:53:52 +00:00
Michael df558d4056 Completely removed argc/argv 2021-07-25 15:23:37 +00:00
Philipp Holzer 965cd8b096
Fix PHP 7.0 Coding Standards 2021-05-22 23:47:35 +02:00
Balázs Úr 054c301ef0 Update copyright 2021-03-29 08:40:20 +02:00
nupplaPhil 85dc9bb96b
Add license info at Friendica PHP files 2020-02-09 16:18:46 +01:00
Philipp Holzer d6efc90194
cleanup namespace usages for L10n 2020-01-19 16:31:33 +01:00
Philipp Holzer 5dfee31108
Move L10n::t() calls to DI::l10n()->t() calls 2020-01-19 16:31:16 +01:00
Michael 0a4119adaf @brief is removed completely 2020-01-19 06:05:23 +00:00
Philipp Holzer 1de3f186d7
Introduce new DI container
- Adding Friendica\DI class for getting dynamic classes
- Replacing BaseObject::getApp() with this class
2019-12-29 20:16:55 +01:00
Michael 8c03bdada9 parameters now have a default value and are optional 2019-11-05 21:48:54 +00:00
Michael abe6724629 Added parameter to rawContent 2019-11-05 19:16:26 +00:00
Hypolite Petovan 41f781c52a Replace System::httpExit() by HTTPException throwing 2019-05-02 11:37:09 -04:00
Philipp Holzer b6b9e57488
Add routes for current BaseModules 2019-05-01 20:16:21 +02:00
fabrixxm 518f28a7bf Small fixes
- Avoid an intermediate variable
- Use `rawContent()` in `Attach` module
- Small typo
2019-01-21 10:08:09 -05:00
fabrixxm fc2b804ccc Move mod/attach to src, add Attach model, update attach table to use storage backends 2019-01-21 10:00:44 -05:00