Commit Graph

1198 Commits

Author SHA1 Message Date
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael Vogel d5c0f086bd
Disallow mail addresses for registration (#13920)
* Disallow mail addresses for registration

* Order for allow/disallow has been changed
2024-02-19 09:33:20 +01:00
Michael Vogel 52825cb4c4
User setting to disable blurring of sensitive pictures (#13883) 2024-02-10 09:50:49 +01:00
Michael 3fe4991fcf Filter user defined channels by size 2024-01-30 10:05:05 +00:00
Michael Vogel 09edf251ee
Anti spam measures against hashtag spam (#13855) 2024-01-25 19:41:07 +01:00
Michael 6389133575 Expiry post search index entries 2024-01-21 16:24:59 +00:00
Michael Vogel 75b37fe376
Merge pull request #13834 from MrPetovan/task/remove-delete-rotator
[frio] Move item deletion rotator to button
2024-01-17 18:00:31 +01:00
Hypolite Petovan 0b93270d7b [frio] Move item deletion rotator to button 2024-01-15 10:22:37 -05:00
Michael 7a13d8b8ac Merge remote-tracking branch 'upstream/develop' into channel-relay 2024-01-15 06:14:55 +00:00
Hannes Heute 60e1427ffe remove a superfluous '01' that appeared next to checkboxes from template file 2024-01-10 17:41:53 +01:00
Dr. Tobias Quathamer 6fd057fd00 Use double quotes where possible 2024-01-07 21:48:22 +01:00
Dr. Tobias Quathamer e6036b8266 Clean up smarty templates.
This simplifies some logic in if-conditions, because
smarty just returns an empty string for undefined
variables.

Also, this commit removes unnecessary values from
HTML input attributes.
2024-01-07 21:40:01 +01:00
Michael d2a74d1936 New option to disallow 2024-01-07 19:22:56 +00:00
Michael c4b85ef25a New field "publish" for channels 2024-01-07 18:36:47 +00:00
Dr. Tobias Quathamer 26f4532d47 Enable HTML attributes in all form fields.
Closes #13804
2024-01-06 16:28:48 +01:00
Michael 31b88da9d5 Merge remote-tracking branch 'upstream/develop' into channel-languages 2024-01-03 19:17:58 +00:00
Michael da3d390187 User defined channels can now have individual language definitions 2024-01-03 19:17:14 +00:00
Michael 7ecf143e4c The "unkmail" functionality is removed 2024-01-03 10:23:11 +00:00
Hypolite Petovan 04cdd3e8ec
Fix Smarty reference to version constant after it was moved to App class (#13769) 2023-12-25 19:26:19 +01:00
Michael Vogel f23ecaff6a
Posts per author/server on the community pages (#13764)
* Posts per author/server on the community pages

* Updated database.sql
2023-12-25 12:39:15 +01:00
Hypolite Petovan 1f9536694c
Merge pull request #13754 from xundeenergie/quote-button
Change reshare to quote icon for quote-button
2023-12-23 11:39:05 -05:00
Jakobus Schürz 0426dacfad Change reshare to quote icon for quote-button
It is confusing that in desktop-view the quote-button has a forward-icon
and in smartphone-view the forward-icon opens a menu with reshare and
quote-option.

I always clicked wrong in desktop in case of this confusing solution.

So I changed the icon for the quote-share option to quotation-marks in
desktop- and smartphone-view.
The forward-icon for the menu is unchanged.
2023-12-22 08:39:42 +01:00
Raroun d7c757d63e
Update wall_thread.tpl
Adds a bit more space between the icons and the text in the more menu on desktop and mobile
2023-12-21 08:06:59 +01:00
Hypolite Petovan 3cfe7d61fc
Merge pull request #13734 from Raroun/Fix-for-Issue-#13403
Fix for issue #13403 [Frio] Optical assignment of a contact to a circle not/hardly distinguishable
2023-12-17 21:17:50 -05:00
Hypolite Petovan 02dded6caa
Merge pull request #13730 from Raroun/Fix_for_Issue_#13720
Fix for issue #13720 - [frio] Compose-box initially way too small by default
2023-12-17 21:14:04 -05:00
Raroun 571339f530
Update entry.tpl
added missing "contact-circle-link" css class
2023-12-17 11:03:41 +01:00
Raroun 7eb5a0775c
Update entry.tpl
Adds missing "contact-circle-actions" css class
2023-12-17 10:33:21 +01:00
Raroun d9c9ab6cee
Update jot.tpl
Increased rows from 2 to 8 which still fits mobile screens
2023-12-17 08:03:19 +01:00
Raroun 7c56cb3132
Update comment_item.tpl
Increased rows from 3 to 8 which still fits mobile screens
2023-12-17 08:02:33 +01:00
Michael 8de58aa39d open channel settings when empty 2023-12-17 06:41:19 +00:00
Michael 0a0d2c98e8 Channel definition now stays open after edit 2023-12-17 06:16:26 +00:00
Michael 62386e4c9e Frio: Improved user defined channel page 2023-12-16 21:43:01 +00:00
Hypolite Petovan 9743d2f40c [frio] Limit thread indentation level to 7 (at thread level 9) 2023-12-08 20:55:19 -05:00
Michael cb91800088 "worker_fetch_limit" is moved as well 2023-12-03 22:49:35 +00:00
Michael 5cd85d9bb7 "items per page" is now in the site settings as well 2023-12-03 14:30:40 +00:00
Michael e99c916df1 Some more settings moved to the admin frontend 2023-12-03 13:43:48 +00:00
Michael 7bf7744efb The "cron_interval" is now reachable via the admin site settings 2023-12-03 11:20:37 +00:00
Michael e87c79780a "min_poll_interval" moved as well 2023-12-03 11:08:21 +00:00
Michael f93192bc28 The channel settings are now available on the site settings 2023-12-03 09:45:13 +00:00
Michael c6221872e2 Changes after review 2023-11-28 16:11:02 +00:00
Michael 46b1b66dbf Several settings can now be reached via the site settings 2023-11-28 00:57:51 +00:00
Michael 67f727e3b3 Merge remote-tracking branch 'upstream/2023.09-rc' into server-discovery 2023-11-27 19:28:13 +00:00
Michael 077c9ff0c9 Improved control about the contact/server updates 2023-11-27 19:00:12 +00:00
Hypolite Petovan 3b3d0231bc Replace last occurrences of in_array used as a Smarty modifier
- Address https://github.com/friendica/friendica/issues/13158#issuecomment-1826266366
2023-11-27 12:07:18 -05:00
Michael b3d7dfb9a5 Issue 8542: User option to display the event list/birthday notification 2023-11-25 14:57:24 +00:00
Raroun bcb75d65a3
Update search_item.tpl
Fix indentation
2023-11-19 09:58:32 +01:00
Raroun 118d736aa9
Update search_item.tpl
Added new behavior here also
2023-11-19 09:52:40 +01:00
Michael 581b96c32f New user option to hide the page drop checkbox 2023-11-15 21:55:54 +00:00
Raroun 98f26cb9d6
Update view/theme/frio/templates/wall_thread.tpl
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2023-11-13 19:04:13 +01:00
Raroun 72817daa3b
Update wall_thread.tpl - fix indentation 2023-11-13 18:47:34 +01:00