clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
friendica/view/theme/frio/templates
History
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927) 
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
..
admin
Disallow mail addresses for registration (#13920)
2024-02-19 09:33:20 +01:00
calendar
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
contact
Update entry.tpl
2023-12-17 11:03:41 +01:00
media
spelling: content
2023-03-26 16:03:22 -04:00
moderation
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
notifications
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
profile
[frio] Fix indentation and wrong button tag usage in vcard templates
2023-11-05 19:34:35 -05:00
settings
User setting to disable blurring of sensitive pictures (#13883)
2024-02-10 09:50:49 +01:00
sub
Show if a post arrived via relay
2020-09-21 12:31:20 +00:00
widget
[frio] Fix indentation and wrong button tag usage in vcard templates
2023-11-05 19:34:35 -05:00
album_edit.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
auto_request.tpl
[frio] Add page wrapper to contact follow page
2022-11-29 06:37:41 -05:00
circle_drop.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
circle_edit.tpl
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
circle_editor.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
circle_side.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
comment_item.tpl
Update comment_item.tpl
2023-12-17 08:02:33 +01:00
common_tabs.tpl
[frio] Larger clickable area for dropdown menus
2023-01-19 19:48:16 +01:00
confirm.tpl
Move translation strings in their own array for confirm templates
2021-10-02 13:52:54 -04:00
contact_drop_confirm.tpl
Move viewcontact_template and contact_template to contact/ folder
2022-11-04 07:03:55 -04:00
contact_edit.tpl
Visiblity is now frequency
2023-09-16 04:20:38 +00:00
contacts-head.tpl
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
contacts-template.tpl
[frio] Contact actions size
2023-01-19 19:49:06 +01:00
conversation.tpl
[frio] Improve search list display for web and mobile
2022-11-19 17:16:51 -05:00
credits.tpl
Remove uses of HTML escaping in Smarty templates
2018-12-16 22:38:30 -05:00
directory_header.tpl
Move viewcontact_template and contact_template to contact/ folder
2022-11-04 07:03:55 -04:00
event_stream_item.tpl
Fix several vulnerabilities (#13927)
2024-02-22 06:53:52 +01:00
field_checkbox.tpl
remove a superfluous '01' that appeared next to checkboxes from template file
2024-01-10 17:41:53 +01:00
field_colorinput.tpl
Remove escaping exception for form field values
2023-08-02 16:30:48 +02:00
field_custom.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
field_fileinput.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_input.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_intcheckbox.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_openid.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_password.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_radio.tpl
Acessibility: Improve navigation and contact approval
2020-02-05 16:14:04 +00:00
field_select_raw.tpl
Normalize field_*.tpl formatting
2019-02-03 15:33:59 -05:00
field_select.tpl
Use double quotes where possible
2024-01-07 21:48:22 +01:00
field_textarea.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_themeselect.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
footer.tpl
spelling: close
2023-03-26 16:03:22 -04:00
generic_links_widget.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
head.tpl
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
home.tpl
Fix home escaping
2018-12-21 00:05:55 -05:00
invite.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
jot-header.tpl
[frio] Move item deletion rotator to button
2024-01-15 10:22:37 -05:00
jot.tpl
Update jot.tpl
2023-12-17 08:03:19 +01:00
js_strings.tpl
[frio] Add Mute Author Server button to post actions
2023-08-20 14:27:09 -04:00
like_noshare.tpl
remove rotator from templates
2023-03-14 17:32:11 +01:00
login.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
mail_conv.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
mail_display.tpl
fix some HTML violations in frio
2017-10-20 15:21:42 +02:00
mail_head.tpl
Remove unused template variable $tabcontent in mail_head.tpl
2018-12-19 06:39:36 -05:00
mail_list.tpl
add link to direct message heading
2022-12-29 18:28:01 +01:00
message_side.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
msg-header.tpl
Move /acl module to src/
2019-10-03 22:40:42 -04:00
nav_head.tpl
Move /acl module to src/
2019-10-03 22:40:42 -04:00
nav.tpl
Use $request / changed icon
2023-09-02 19:16:48 +00:00
page_tabs.tpl
Create new page_tabs template
2020-08-06 22:59:09 -04:00
paginate.tpl
limit pagination page buttons to max 10
2017-03-14 18:31:03 +01:00
photo_album.tpl
Reworked /photos module without App->error
2019-05-01 19:36:14 -04:00
photo_albums.tpl
Create /profile/{nickname}/photos route
2022-11-20 17:15:07 -05:00
photo_item.tpl
Add RTL support for item body in search and photo body
2021-05-19 10:36:25 -04:00
photo_top.tpl
Remove uses of HTML escaping in Smarty templates
2018-12-16 22:38:30 -05:00
photo_view.tpl
small typo
2023-01-04 09:18:24 +01:00
photos_default_uploader_box.tpl
Frio: new photos upload template (#5637)
2018-08-20 00:29:50 -04:00
photos_default_uploader_submit.tpl
Remove uses of HTML escaping in Smarty templates
2018-12-16 22:38:30 -05:00
photos_head.tpl
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
photos_recent.tpl
Make frio more consistent by replacing textual links with icons everywhere. (#5415)
2018-07-21 07:31:05 -04:00
photos_upload.tpl
Create /profile/{nickname}/photos route
2022-11-20 17:15:07 -05:00
prv_message.tpl
send on ctrl+enter
2023-10-11 04:09:44 +02:00
register.tpl
spelling: explicit
2023-03-26 16:03:23 -04:00
search_item.tpl
Update search_item.tpl
2023-11-19 09:58:32 +01:00
searchbox.tpl
[frio] Restore focus styles
2020-04-27 09:43:46 -04:00
theme_settings.tpl
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
threaded_conversation.tpl
[frio] Move item deletion rotator to button
2024-01-15 10:22:37 -05:00
voting_fakelink.tpl
Switch tag of expanded like list to paragraph
2019-02-14 22:17:08 -05:00
wall_thread.tpl
Merge pull request #13754 from xundeenergie/quote-button
2023-12-23 11:39:05 -05:00