Commit Graph

78 Commits

Author SHA1 Message Date
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael 89e7420237 Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Michael 8bb33dccd1 Unified BBCode conversion, improved proxy functionality 2023-07-15 20:12:08 +00:00
Philipp 544168244c Apply suggestions from code review
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2023-02-19 11:12:48 +01:00
Philipp Holzer f0c29edcde Adapt BaseURL calls to new UriInterface 2023-02-18 21:12:21 +01:00
Hypolite Petovan 1874a32728 Happy New Year 2023! 2023-01-01 09:36:24 -05:00
Philipp Holzer bf39b5a948 Fix messages.po issue 2022-10-21 10:19:13 +02:00
Philipp Holzer eecc456e0c UserSession class [5] - Refactor src/Module/ files with DI 2022-10-20 22:59:39 +02:00
Michael c9f17e1ef5 old boot.php functions replaced in src/module (2) 2022-10-19 09:06:09 -04:00
Michael fdfa1f8630 The notice and info have been moved 2022-10-17 18:55:22 +00:00
Michael 87a945b295 More prevention of double processing of the same content 2022-08-06 17:06:55 +00:00
Michael 1d13574225 Fetching of missing posts is reworked 2022-07-21 05:16:14 +00:00
Hypolite Petovan da32fa8fa6 Create ActivityPub\FetchQueue and ActivityPub\FetchQueueItem classes
- These classes are used to flatten the recursive missing activity fetch that can hit PHP's maximum function nesting limit
- The original caller is responsible for processing the remaining queue once the original activity has been fetched
2022-06-25 12:40:54 -04:00
Michael f6167b4cfd New function to exit the program 2022-05-18 02:13:54 +00:00
Michael 4016a576d5 Log the execution time 2022-05-17 20:47:23 +00:00
Philipp Holzer e299fc67c8 Introduce "accept_header" as specific argument to the http client 2022-04-02 21:16:53 +02:00
Philipp Holzer 73c3b21665 Move ACCEPT constants to own "enum" class 2022-04-02 20:26:11 +02:00
Michael 1fae0123ec Some more "accept" parameters are added 2022-03-29 06:24:20 +00:00
Michael 8c778ca02e Improved completion check for AP 2022-03-12 11:17:33 +00:00
Balázs Úr e56a53647b Update copyright 2022-01-02 08:27:47 +01:00
Philipp Holzer 2e4d654c0a Make $_REQUEST processing independent of sub-calls
- Move HTTPInputData::process() into App::runFrontend()
- Pass $_REQUEST (including processed Input) to every Module method
- Delete $_POST parameters at Module post() calls because of $_REQUEST
2021-11-30 01:07:58 -05:00
Philipp Holzer 561aba18e3 Introduce `Response` for Modules to create a testable way for module responses 2021-11-27 12:40:38 +01:00
Philipp Holzer 8bdd90066f Make `BaseModule` a real entity
- Add all dependencies, necessary to run the content (baseUrl, Arguments)
- Encapsulate all POST/GET/DELETE/PATCH/PUT methods as protected methods inside the BaseModule
- Return Module content ONLY per `BaseModule::run()` (including the Hook logic there as well)
2021-11-27 12:40:36 +01:00
Philipp Holzer 645e4edc63 Revert "Revert "Replace Module::init() with Constructors""
This reverts commit 89d6c89b67.
2021-11-19 20:18:48 +01:00
Hypolite Petovan 89d6c89b67 Revert "Replace Module::init() with Constructors" 2021-11-19 07:23:23 -05:00
Philipp Holzer dab9e13c69 Replace $this->l10n->t() with $this->t() for Modules 2021-11-18 23:23:58 +01:00
Philipp Holzer ce578a7745 Replace Module::init() with Constructors 2021-11-17 22:14:33 +01:00
Philipp Holzer 5879535822 Switch `static::$parameters` to `$this->parameters` 2021-11-14 23:49:07 +01:00
Philipp Holzer 489cd0884a Make BaseModule methods dynamic 2021-11-14 23:49:06 +01:00
Philipp Holzer 714f0febc4 Replace `$parameters` argument per method with `static::$parameters` 2021-11-14 23:49:05 +01:00
Michael 57353eb9b0 Changed scope 2021-10-31 04:54:24 +00:00
Philipp Holzer 13a91e63aa Rename DI::httpRequest() into DI::httpClient() 2021-08-25 21:54:54 +02:00
Hypolite Petovan 7a8d800024 Add probe support to `@user@domain.tld` search string format 2021-08-24 12:46:01 -04:00
Hypolite Petovan a04944d443 Allow contact creation in Module\Debug\Feed
- This module only allowed existing contact feeds to be debugged
2021-08-17 08:20:58 -04:00
Michael df558d4056 Completely removed argc/argv 2021-07-25 15:23:37 +00:00
Michael 2502a9192d Many more app-variables removed 2021-07-24 10:09:39 +00:00
Balázs Úr 054c301ef0 Update copyright 2021-03-29 08:40:20 +02:00
Hypolite Petovan 93823ecef5 Move HTML purification to own method in Content\Text\HTML 2021-03-14 14:19:33 -04:00
Michael 972c9f7bc0 Issue 9743: Added translatable texts 2021-03-08 21:17:27 +00:00
Michael 312c01a517 Several speed improvements (magiclink, caching, indexes) 2021-02-17 18:59:19 +00:00
Hypolite Petovan b2680bffb0 Babel: Support tweet URL 2021-02-09 23:26:02 -05:00
Michael 2fa692bcce New post class in the rest of the classes 2021-01-16 04:16:09 +00:00
Hypolite Petovan 65f74da45b Add translation to required labels on input fields
- Normalize display of required label
- Remove unused field_richtext template
2020-12-19 22:52:45 -05:00
Hypolite Petovan a382798999 Add some more result panels to Babel 2020-12-04 07:29:48 -05:00
Michael f09d9bc9cc Remove url caching, locking cleanup 2020-08-06 18:53:45 +00:00
Michael Vogel 398e65d66b Merge pull request #8911 from MrPetovan/task/curl_DI
Introduce "HTTPRequest" class
2020-07-25 09:50:20 +02:00
Michael 3fc3ded750 Useless info messages removed 2020-07-23 06:11:21 +00:00
nupplaPhil 657d08f09f Rename "fetchUrl" and "fetchUrlFull" to "fetch" and "fetchFull" 2020-07-21 03:15:53 -04:00
nupplaPhil 1aa07f87a4 Make "HTTPRequest::fetchUrl" dynamic 2020-07-21 03:04:58 -04:00
nupplaPhil 5344efef71 Move post/curl/fetchUrl/fetchUrlFull to own class "Network\HTTPRequest" 2020-07-21 02:56:10 -04:00