friendica/src
Hypolite Petovan e16b6ee6e1
Check form security token in /settings/userexport module (#13929)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event

* Check form security token in /settings/userexport module

- Prevents basic XSS attacks against /settings/userexport/*
2024-02-22 21:08:32 +01:00
App Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Capabilities Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Collection/Api Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Console Image handling reworked, new image formats added (#13900) 2024-02-17 07:45:41 +01:00
Contact Image handling reworked, new image formats added (#13900) 2024-02-17 07:45:41 +01:00
Content Disallow mail addresses for registration (#13920) 2024-02-19 09:33:20 +01:00
Core Image handling reworked, new image formats added (#13900) 2024-02-17 07:45:41 +01:00
Database language field renamed to "language" 2024-02-02 07:05:39 +00:00
Factory Issue 13922: "voted" must not be null (#13923) 2024-02-20 07:09:55 +01:00
Federation Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Model Fix several vulnerabilities (#13927) 2024-02-22 06:53:52 +01:00
Moderation Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Module Check form security token in /settings/userexport module (#13929) 2024-02-22 21:08:32 +01:00
Navigation Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Network Image handling reworked, new image formats added (#13900) 2024-02-17 07:45:41 +01:00
Object Issue 13922: "voted" must not be null (#13923) 2024-02-20 07:09:55 +01:00
Profile/ProfileField Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Protocol Check for activity pub mime types 2024-02-19 07:11:56 +00:00
Render Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Security [Composer] Bump guzzlehttp/guzzle to version 7 to suppress deprecation notices 2024-01-12 08:42:46 -05:00
User/Settings Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
Util Merge pull request #13921 from annando/content-type 2024-02-19 05:57:47 -05:00
Worker Expiry post search index entries 2024-01-21 16:24:59 +00:00
App.php bump version to 2024.03-rc 2024-02-14 08:24:41 +01:00
BaseCollection.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
BaseDataTransferObject.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
BaseEntity.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
BaseFactory.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
BaseModel.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
BaseModule.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
BaseRepository.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
DI.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00
LegacyModule.php Friendica copyright changed from 2023 to 2034 2024-01-02 20:57:26 +00:00