Commit Graph

25 Commits

Author SHA1 Message Date
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael 89e7420237 Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Hypolite Petovan 1874a32728 Happy New Year 2023! 2023-01-01 09:36:24 -05:00
Hypolite Petovan 18f54f4425 New area "moderation"
- Moved several admin pages to the moderation area
- ACL still is checking for administrator credentials
2022-11-08 02:28:42 -05:00
Philipp Holzer 44a9683008
Move "submanage" Session value into own methods 2022-10-21 19:35:34 +02:00
Philipp Holzer eecc456e0c
UserSession class [5] - Refactor src/Module/ files with DI 2022-10-20 22:59:39 +02:00
Michael d3e167c77c All references to boot.php are now removed 2022-10-19 20:38:25 +00:00
Hypolite Petovan 47d9f91009 Add missing use statements in modules classes 2022-10-19 09:02:53 -04:00
Michael d2da2492b7 old boot.php functions replaced in src/module 2022-10-19 08:53:45 -04:00
Michael fdfa1f8630 The notice and info have been moved 2022-10-17 18:55:22 +00:00
Roland Häder dfa95ea58d
Changes:
- added type-hints
- added documentation
2022-06-22 14:36:45 +02:00
Balázs Úr e56a53647b Update copyright 2022-01-02 08:27:47 +01:00
Philipp Holzer 8bdd90066f
Make `BaseModule` a real entity
- Add all dependencies, necessary to run the content (baseUrl, Arguments)
- Encapsulate all POST/GET/DELETE/PATCH/PUT methods as protected methods inside the BaseModule
- Return Module content ONLY per `BaseModule::run()` (including the Hook logic there as well)
2021-11-27 12:40:36 +01:00
Philipp Holzer 489cd0884a
Make BaseModule methods dynamic 2021-11-14 23:49:06 +01:00
Philipp Holzer 714f0febc4
Replace `$parameters` argument per method with `static::$parameters` 2021-11-14 23:49:05 +01:00
Michael 63da4a75e9 The boot.php had been cleared of most functions 2021-11-04 20:29:59 +00:00
Philipp Holzer 97bafb3a59
Extract Storage admin section to own page 2021-07-24 19:00:58 +02:00
Balázs Úr 054c301ef0 Update copyright 2021-03-29 08:40:20 +02:00
Tobias Diekershoff 56bbf9015a silkevicious found a typo 2020-09-15 15:38:31 +02:00
Hypolite Petovan fb7f7435c0 Merge branch 'bug/phpinfo-accessible-hotfix' into 2020.09-rc
# Conflicts:
#	src/Module/Admin/DBSync.php
#	src/Module/Admin/Logs/Settings.php
#	src/Module/Admin/Themes/Details.php
#	src/Module/Admin/Themes/Embed.php
2020-09-08 14:07:46 -04:00
Hypolite Petovan 3efa8648c5 Fix security vulnerability in admin modules
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
2020-09-08 12:27:43 -04:00
Hypolite Petovan 0a71495fa4 Add new admin debug module for ActivityPub 2020-07-20 00:39:17 -04:00
Hypolite Petovan 9c6fbc6a74 Update references to the friendica/friendica stable branch 2020-06-30 15:25:16 -04:00
nupplaPhil 23c64b9a11
Add license info at Friendica classes 2020-02-09 15:45:36 +01:00
Hypolite Petovan 5670c19d5c Move/rename base module classes 2020-01-29 23:23:07 -05:00
Renamed from src/Module/BaseAdminModule.php