Commit graph

18 commits

Author SHA1 Message Date
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
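The two mechanisms this commit names, output escaping for the event location and a form security token for /admin/phpinfo and /babel, as an added example that is not Friendica's own code. The token format, the function names (getFormSecurityToken, checkFormSecurityToken, escapeLocation), the FORM_TOKEN_TTL value and the request arrays are all assumptions made for this illustration; the token binds a per-session secret to the form name and a timestamp, so a request forged from another origin cannot carry a valid one.

```php
<?php
// Added example, not code from the Friendica project. Names and values are assumptions.
declare(strict_types=1);

const FORM_TOKEN_TTL = 3600; // seconds a token stays valid (assumed value)

// Per-session secret; a real application keeps this in the session store.
function sessionSecret(): string
{
    static $secret = null;
    if ($secret === null) {
        $secret = bin2hex(random_bytes(32));
    }
    return $secret;
}

// Issue a token for a named form: "<unix timestamp>.<hmac-sha256>".
function getFormSecurityToken(string $formName): string
{
    $timestamp = (string) time();
    $mac = hash_hmac('sha256', $formName . '|' . $timestamp, sessionSecret());
    return $timestamp . '.' . $mac;
}

// Validate a submitted token for the same form name, rejecting expired or forged ones.
function checkFormSecurityToken(string $formName, ?string $token): bool
{
    if ($token === null || strpos($token, '.') === false) {
        return false;
    }
    [$timestamp, $mac] = explode('.', $token, 2);
    if (!ctype_digit($timestamp) || time() - (int) $timestamp > FORM_TOKEN_TTL) {
        return false;
    }
    $expected = hash_hmac('sha256', $formName . '|' . $timestamp, sessionSecret());
    return hash_equals($expected, $mac); // constant-time comparison
}

// Handler without the check: any cross-site POST reaches phpinfo().
function phpinfoHandlerVulnerable(array $post): string
{
    return 'phpinfo output';
}

// Handler with the check: requests that lack a valid token for this form are refused.
function phpinfoHandlerFixed(array $post): string
{
    if (!checkFormSecurityToken('admin_phpinfo', $post['form_security_token'] ?? null)) {
        return 'forbidden: invalid or missing form security token';
    }
    return 'phpinfo output';
}

// Output escaping for a user-supplied field such as the event location (first bullet).
// ENT_QUOTES keeps the value safe inside attribute values as well as element content.
function escapeLocation(string $location): string
{
    return htmlspecialchars($location, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests for the demonstration.
$legit     = ['form_security_token' => getFormSecurityToken('admin_phpinfo')];
$forged    = ['form_security_token' => 'deadbeef'];
$missing   = [];
$wrongForm = ['form_security_token' => getFormSecurityToken('babel')];

echo phpinfoHandlerVulnerable($forged), PHP_EOL; // served regardless of the token
echo phpinfoHandlerFixed($legit), PHP_EOL;       // served
echo phpinfoHandlerFixed($forged), PHP_EOL;      // rejected
echo phpinfoHandlerFixed($missing), PHP_EOL;     // rejected
echo phpinfoHandlerFixed($wrongForm), PHP_EOL;   // rejected: token is bound to another form

echo escapeLocation('<script>alert(1)</script> Room "A"'), PHP_EOL;
```

The token is bound to the form name so that a token issued for one module cannot be replayed against another, and the comparison uses hash_equals so that timing does not leak the expected MAC.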
Michael 89e7420237 Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Hypolite Petovan 1874a32728 Happy New Year 2023! 2023-01-01 09:36:24 -05:00
Michael f6167b4cfd New function to exit the program 2022-05-18 02:13:54 +00:00
Michael 4e9d7df31a Add missing DI 2022-05-17 21:26:35 +00:00
Michael 4016a576d5 Log the execution time 2022-05-17 20:47:23 +00:00
Balázs Úr e56a53647b Update copyright 2022-01-02 08:27:47 +01:00
Philipp Holzer 8bdd90066f
Make BaseModule a real entity
- Add all dependencies necessary to run the content (baseUrl, Arguments)
- Encapsulate all POST/GET/DELETE/PATCH/PUT methods as protected methods inside the BaseModule
- Return Module content ONLY per `BaseModule::run()` (including the Hook logic there as well)
2021-11-27 12:40:36 +01:00
Philipp Holzer 489cd0884a Make BaseModule methods dynamic 2021-11-14 23:49:06 +01:00
Philipp Holzer 714f0febc4 Replace $parameters argument per method with static::$parameters 2021-11-14 23:49:05 +01:00
Balázs Úr 054c301ef0 Update copyright 2021-03-29 08:40:20 +02:00
Hypolite Petovan 3efa8648c5 Fix security vulnerability in admin modules
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
2020-09-08 12:27:43 -04:00
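The failure mode this commit describes, a credential check whose negative result never stops the request, shown as an added example that is not Friendica's own code. The class-free functions adminPostVulnerable, checkAdminAccess and adminPostFixed, the ForbiddenException type and the session arrays are assumptions chosen to mirror the commit's wording.

```php
<?php
// Added example, not code from the Friendica project. Names are assumptions.
declare(strict_types=1);

final class ForbiddenException extends RuntimeException {}

// Constructed session shape: an admin session carries a truthy 'admin' key.
function currentUserIsAdmin(array $session): bool
{
    return !empty($session['admin']);
}

// Before: the check runs and its failure is logged, but execution continues,
// so a non-admin still reaches the privileged action.
function adminPostVulnerable(array $session, array &$log): string
{
    if (!currentUserIsAdmin($session)) {
        $log[] = 'access denied'; // recorded, but nothing aborts the request
    }
    return 'settings saved';      // reached by anyone
}

// After: a dedicated check that aborts by throwing. Callers cannot forget to
// act on a boolean because there is no boolean to act on.
function checkAdminAccess(array $session): void
{
    if (!currentUserIsAdmin($session)) {
        throw new ForbiddenException('administrator privileges required');
    }
}

function adminPostFixed(array $session, array &$log): string
{
    checkAdminAccess($session);
    return 'settings saved';
}

$log  = [];
$anon = [];                 // constructed: no admin flag
$admin = ['admin' => true]; // constructed: admin session

echo adminPostVulnerable($anon, $log), PHP_EOL; // "settings saved" despite the denial in $log
try {
    adminPostFixed($anon, $log);
} catch (ForbiddenException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo adminPostFixed($admin, $log), PHP_EOL;     // "settings saved"
```

Making the guard abort (throw, or exit with an error page) rather than return a flag is the general remedy: the privileged code after the check can then only run if the check passed.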
nupplaPhil 23c64b9a11 Add license info at Friendica classes 2020-02-09 15:45:36 +01:00
Hypolite Petovan 5670c19d5c Move/rename base module classes 2020-01-29 23:23:07 -05:00
Michael 8c03bdada9 Parameters now have a default value and are optional 2019-11-05 21:48:54 +00:00
Michael abe6724629 Added parameter to rawContent 2019-11-05 19:16:26 +00:00
Hypolite Petovan 92b415bc36 Fix EOL and EOF in Admin modules 2019-05-02 09:55:50 -04:00
Hypolite Petovan fa4b42c6dd Move phpinfo module to src/Module/Admin 2019-05-02 09:52:53 -04:00