Commit graph

12 commits

Author SHA1 Message Date
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael 89e7420237 Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Hypolite Petovan da1416c07f Move System::httpExit to BaseModule->httpExit
- This will ensure headers set in BaseModule->run will be carried in httpExit scenarios
- Deprecate httpExit() method in Core\System
2023-09-24 07:08:15 -04:00
Hypolite Petovan 4f7740264e Replace "group" with "circle" in the rest of the code
- Remaining mentions already mean "forum"
2023-05-27 22:01:45 -04:00
Hypolite Petovan 1874a32728 Happy New Year 2023! 2023-01-01 09:36:24 -05:00
Michael 9115ec5f0d Adjust class references to the new location 2022-12-30 21:20:28 +00:00
Hypolite Petovan 349436a77a Fix event start time not being properly converted to UTC
- This was triggering unexpected time comparison errors
2022-12-04 06:37:36 -05:00
Hypolite Petovan 1b71b963d7 Fix description not being populated in event form when there's a validation error 2022-12-04 06:37:36 -05:00
Philipp Holzer a81708091f
Make PHPCS happy 2022-11-07 20:32:55 +01:00
Philipp Holzer 2da2ac6826
make PHP CS happy? 2022-11-07 20:28:08 +01:00
Philipp Holzer 78a8ed6fe7
adhere feedback 2022-11-07 20:21:11 +01:00
Philipp Holzer f13c91b320
Move mod/cal.php and mod/events.php to Module 2022-11-07 19:52:24 +01:00