Hypolite Petovan
5c5d7eb04f
Fix several vulnerabilities ( #13927 )
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael Vogel
d5c0f086bd
Disallow mail addresses for registration ( #13920 )
...
* Disallow mail addresses for registration
* Order for allow/disallow has been changed
2024-02-19 09:33:20 +01:00
Michael Vogel
52825cb4c4
User setting to disable blurring of sensitive pictures ( #13883 )
2024-02-10 09:50:49 +01:00
Michael
3fe4991fcf
Filter user defined channels by size
2024-01-30 10:05:05 +00:00
Michael Vogel
09edf251ee
Anti spam measures against hashtag spam ( #13855 )
2024-01-25 19:41:07 +01:00
Michael
6389133575
Expiry post search index entries
2024-01-21 16:24:59 +00:00
Michael Vogel
75b37fe376
Merge pull request #13834 from MrPetovan/task/remove-delete-rotator
...
[frio] Move item deletion rotator to button
2024-01-17 18:00:31 +01:00
Hypolite Petovan
0b93270d7b
[frio] Move item deletion rotator to button
2024-01-15 10:22:37 -05:00
Michael
7a13d8b8ac
Merge remote-tracking branch 'upstream/develop' into channel-relay
2024-01-15 06:14:55 +00:00
Hannes Heute
60e1427ffe
remove a superfluous '01' that appeared next to checkboxes from template file
2024-01-10 17:41:53 +01:00
Dr. Tobias Quathamer
6fd057fd00
Use double quotes where possible
2024-01-07 21:48:22 +01:00
Dr. Tobias Quathamer
e6036b8266
Clean up smarty templates.
...
This simplifies some logic in if-conditions, because
smarty just returns an empty string for undefined
variables.
Also, this commit removes unnecessary values from
HTML input attributes.
2024-01-07 21:40:01 +01:00
Michael
d2a74d1936
New option to disallow
2024-01-07 19:22:56 +00:00
Michael
c4b85ef25a
New field "publish" for channels
2024-01-07 18:36:47 +00:00
Dr. Tobias Quathamer
26f4532d47
Enable HTML attributes in all form fields.
...
Closes #13804
2024-01-06 16:28:48 +01:00
Michael
31b88da9d5
Merge remote-tracking branch 'upstream/develop' into channel-languages
2024-01-03 19:17:58 +00:00
Michael
da3d390187
User defined channels can now have got individual language definitions
2024-01-03 19:17:14 +00:00
Michael
7ecf143e4c
The "unkmail" functionality is removed
2024-01-03 10:23:11 +00:00
Hypolite Petovan
04cdd3e8ec
Fix Smarty reference to version constant after it was moved to App class ( #13769 )
2023-12-25 19:26:19 +01:00
Michael Vogel
f23ecaff6a
Posts per author/server on the community pages ( #13764 )
...
* Posts per author/server on the community pages
* Updated database.sql
2023-12-25 12:39:15 +01:00
Hypolite Petovan
1f9536694c
Merge pull request #13754 from xundeenergie/quote-button
...
Change reshare to quote icon for quote-button
2023-12-23 11:39:05 -05:00
Jakobus Schürz
0426dacfad
Change reshare to quote icon for quote-button
...
It is confusing that in desktop-view the quote-button has a forward-icon
and in smartphone-view the forward-icon opens a menu with reshare and
quote-option.
I always clicked wrong in desktop in case of this confusing solution.
So i changed the icon for the quote-share option to quotation-marks in
desktop- and smartphone-view.
The forward-icon for the menu is unchanged.
2023-12-22 08:39:42 +01:00
Raroun
d7c757d63e
Update wall_thread.tpl
...
Addes a bit more space between the icons and the text in the more menu on dektop and mobile
2023-12-21 08:06:59 +01:00
Hypolite Petovan
3cfe7d61fc
Merge pull request #13734 from Raroun/Fix-for-Issue-#13403
...
Fix for issue #13403 [Frio] Optical assignment of a contact to a circle not/hardly distinguishable
2023-12-17 21:17:50 -05:00
Hypolite Petovan
02dded6caa
Merge pull request #13730 from Raroun/Fix_for_Issue_#13720
...
Fix for issue #13720 - [frio] Compose-box initially way too small by default
2023-12-17 21:14:04 -05:00
Raroun
571339f530
Update entry.tpl
...
added missing "contact-circle-link" css class
2023-12-17 11:03:41 +01:00
Raroun
7eb5a0775c
Update entry.tpl
...
Addes missing "contact-circle-actions" css class
2023-12-17 10:33:21 +01:00
Raroun
d9c9ab6cee
Update jot.tpl
...
Increased rows from 2 to 8 which still fits mobile screens
2023-12-17 08:03:19 +01:00
Raroun
7c56cb3132
Update comment_item.tpl
...
Increased rows from 3 to 8 which still fits mobile screens
2023-12-17 08:02:33 +01:00
Michael
8de58aa39d
open channel settings when empty
2023-12-17 06:41:19 +00:00
Michael
0a0d2c98e8
Channel definition now stays open after edit
2023-12-17 06:16:26 +00:00
Michael
62386e4c9e
Frio: Improved user defined channel page
2023-12-16 21:43:01 +00:00
Hypolite Petovan
9743d2f40c
[frio] Limit thread indentation level to 7 (at thread level 9)
2023-12-08 20:55:19 -05:00
Michael
cb91800088
"worker_fetch_limit" is moved as well
2023-12-03 22:49:35 +00:00
Michael
5cd85d9bb7
"items per page" is now in the site settings as well
2023-12-03 14:30:40 +00:00
Michael
e99c916df1
Some more settings moved to the admin frontend
2023-12-03 13:43:48 +00:00
Michael
7bf7744efb
The "cron_interval" is now reachable via the admin site settings
2023-12-03 11:20:37 +00:00
Michael
e87c79780a
"min_poll_interval" moved as well
2023-12-03 11:08:21 +00:00
Michael
f93192bc28
The channel settings are now available on the site settings
2023-12-03 09:45:13 +00:00
Michael
c6221872e2
Changes after review
2023-11-28 16:11:02 +00:00
Michael
46b1b66dbf
Several settings can now be reached via the site settings
2023-11-28 00:57:51 +00:00
Michael
67f727e3b3
Merge remote-tracking branch 'upstream/2023.09-rc' into server-discovery
2023-11-27 19:28:13 +00:00
Michael
077c9ff0c9
Improved control about the contact/server updates
2023-11-27 19:00:12 +00:00
Hypolite Petovan
3b3d0231bc
Replace last occurrences of in_array used as a Smarty modifier
...
- Address https://github.com/friendica/friendica/issues/13158#issuecomment-1826266366
2023-11-27 12:07:18 -05:00
Michael
b3d7dfb9a5
Issue 8542: User option to display the event list/birthday notification
2023-11-25 14:57:24 +00:00
Raroun
bcb75d65a3
Update search_item.tpl
...
Fix indentation
2023-11-19 09:58:32 +01:00
Raroun
118d736aa9
Update search_item.tpl
...
Added new behavior here also
2023-11-19 09:52:40 +01:00
Michael
581b96c32f
New user option to hide the page drop checkbox
2023-11-15 21:55:54 +00:00
Raroun
98f26cb9d6
Update view/theme/frio/templates/wall_thread.tpl
...
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2023-11-13 19:04:13 +01:00
Raroun
72817daa3b
Update wall_thread.tpl - fix indentation
2023-11-13 18:47:34 +01:00