Hypolite Petovan
5c5d7eb04f
Fix several vulnerabilities ( #13927 )
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
Michael Vogel
d5c0f086bd
Disallow mail addresses for registration ( #13920 )
...
* Disallow mail addresses for registration
* Order for allow/disallow has been changed
2024-02-19 09:33:20 +01:00
Michael Vogel
52825cb4c4
User setting to disable blurring of sensitive pictures ( #13883 )
2024-02-10 09:50:49 +01:00
Michael
3fe4991fcf
Filter user defined channels by size
2024-01-30 10:05:05 +00:00
Michael Vogel
09edf251ee
Anti spam measures against hashtag spam ( #13855 )
2024-01-25 19:41:07 +01:00
Michael
6389133575
Expiry post search index entries
2024-01-21 16:24:59 +00:00
Michael Vogel
75b37fe376
Merge pull request #13834 from MrPetovan/task/remove-delete-rotator
...
[frio] Move item deletion rotator to button
2024-01-17 18:00:31 +01:00
Hypolite Petovan
0b93270d7b
[frio] Move item deletion rotator to button
2024-01-15 10:22:37 -05:00
Michael
7a13d8b8ac
Merge remote-tracking branch 'upstream/develop' into channel-relay
2024-01-15 06:14:55 +00:00
Hannes Heute
60e1427ffe
remove a superfluous '01' that appeared next to checkboxes from template file
2024-01-10 17:41:53 +01:00
Dr. Tobias Quathamer
6fd057fd00
Use double quotes where possible
2024-01-07 21:48:22 +01:00
Dr. Tobias Quathamer
e6036b8266
Clean up smarty templates.
...
This simplifies some logic in if-conditions, because
smarty just returns an empty string for undefined
variables.
Also, this commit removes unnecessary values from
HTML input attributes.
2024-01-07 21:40:01 +01:00
Michael
d2a74d1936
New option to disallow
2024-01-07 19:22:56 +00:00
Michael
c4b85ef25a
New field "publish" for channels
2024-01-07 18:36:47 +00:00
Dr. Tobias Quathamer
26f4532d47
Enable HTML attributes in all form fields.
...
Closes #13804
2024-01-06 16:28:48 +01:00
Michael
31b88da9d5
Merge remote-tracking branch 'upstream/develop' into channel-languages
2024-01-03 19:17:58 +00:00
Michael
da3d390187
User defined channels can now have got individual language definitions
2024-01-03 19:17:14 +00:00
Michael
7ecf143e4c
The "unkmail" functionality is removed
2024-01-03 10:23:11 +00:00
Michael
89e7420237
Friendica copyright changed from 2023 to 2034
2024-01-02 20:57:26 +00:00
Raroun
6c1df6471a
Update style.css
...
Added missing spaces
2023-12-26 19:40:44 +01:00
Raroun
4e3302ea0d
Update style.css
...
Addes remote friends in common wrapper
2023-12-26 16:42:07 +01:00
Raroun
bfc11495f3
Update style.css
...
Adjusted the BGcolor as suggested by Annando
2023-12-26 14:13:02 +01:00
Raroun
46d34c53e6
Update style.css - removed unnecessary empty line
2023-12-26 10:04:24 +01:00
Raroun
2bb5785dfa
Update style.css
...
addes missing empty lines
2023-12-26 09:53:12 +01:00
Raroun
243bcba726
Update style.css to display remote friends in common in a css grid
2023-12-26 09:46:33 +01:00
Hypolite Petovan
04cdd3e8ec
Fix Smarty reference to version constant after it was moved to App class ( #13769 )
2023-12-25 19:26:19 +01:00
Michael Vogel
f23ecaff6a
Posts per author/server on the community pages ( #13764 )
...
* Posts per author/server on the community pages
* Updated database.sql
2023-12-25 12:39:15 +01:00
Hypolite Petovan
1f9536694c
Merge pull request #13754 from xundeenergie/quote-button
...
Change reshare to quote icon for quote-button
2023-12-23 11:39:05 -05:00
Raroun
9d4a515571
Update style.css
...
Added 15 pixels of space between picture permissions and send button
2023-12-23 05:39:51 +01:00
Jakobus Schürz
0426dacfad
Change reshare to quote icon for quote-button
...
It is confusing that in desktop-view the quote-button has a forward-icon
and in smartphone-view the forward-icon opens a menu with reshare and
quote-option.
I always clicked wrong in desktop in case of this confusing solution.
So i changed the icon for the quote-share option to quotation-marks in
desktop- and smartphone-view.
The forward-icon for the menu is unchanged.
2023-12-22 08:39:42 +01:00
Raroun
d7c757d63e
Update wall_thread.tpl
...
Addes a bit more space between the icons and the text in the more menu on dektop and mobile
2023-12-21 08:06:59 +01:00
Hypolite Petovan
3cfe7d61fc
Merge pull request #13734 from Raroun/Fix-for-Issue-#13403
...
Fix for issue #13403 [Frio] Optical assignment of a contact to a circle not/hardly distinguishable
2023-12-17 21:17:50 -05:00
Hypolite Petovan
02dded6caa
Merge pull request #13730 from Raroun/Fix_for_Issue_#13720
...
Fix for issue #13720 - [frio] Compose-box initially way too small by default
2023-12-17 21:14:04 -05:00
Raroun
c1b649af94
Update style.css
...
Reduced the icon size from 20 pixels to 15 pixels
i like that the button is on the same heigth as the username, but 20 pixels is just too much there.
2023-12-17 11:34:16 +01:00
Raroun
571339f530
Update entry.tpl
...
added missing "contact-circle-link" css class
2023-12-17 11:03:41 +01:00
Raroun
7eb5a0775c
Update entry.tpl
...
Addes missing "contact-circle-actions" css class
2023-12-17 10:33:21 +01:00
Raroun
d9c9ab6cee
Update jot.tpl
...
Increased rows from 2 to 8 which still fits mobile screens
2023-12-17 08:03:19 +01:00
Raroun
7c56cb3132
Update comment_item.tpl
...
Increased rows from 3 to 8 which still fits mobile screens
2023-12-17 08:02:33 +01:00
Michael
8de58aa39d
open channel settings when empty
2023-12-17 06:41:19 +00:00
Michael
0a0d2c98e8
Channel definition now stays open after edit
2023-12-17 06:16:26 +00:00
Michael
62386e4c9e
Frio: Improved user defined channel page
2023-12-16 21:43:01 +00:00
Raroun
fb362f91ac
Update style.css
2023-12-15 11:39:57 +01:00
Hypolite Petovan
541208a6bd
Merge pull request #13711 from annando/update-item
...
Frio: perform item update after activity
2023-12-11 08:26:47 -05:00
Michael
113d72f59f
Frio: perform item update after activity
2023-12-11 04:26:24 +00:00
Hypolite Petovan
9743d2f40c
[frio] Limit thread indentation level to 7 (at thread level 9)
2023-12-08 20:55:19 -05:00
Michael
cb91800088
"worker_fetch_limit" is moved as well
2023-12-03 22:49:35 +00:00
Michael
5cd85d9bb7
"items per page" is now in the site settings as well
2023-12-03 14:30:40 +00:00
Michael
e99c916df1
Some more settings moved to the admin frontend
2023-12-03 13:43:48 +00:00
Michael
7bf7744efb
The "cron_interval" is now reachable via the admin site settings
2023-12-03 11:20:37 +00:00
Michael
e87c79780a
"min_poll_interval" moved as well
2023-12-03 11:08:21 +00:00