clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
friendica/view/templates
History
Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927) 
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
..
acl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
admin
Disallow mail addresses for registration (#13920)
2024-02-19 09:33:20 +01:00
calendar
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
contact
Filter contact search by blocked remote domains
2023-04-20 07:43:17 -04:00
content
Add caption to described images without a preview
2023-10-08 10:28:17 -04:00
debug
Issue 9743: Added translatable texts
2021-03-08 21:17:27 +00:00
email
Fix mail text ... again
2020-03-08 20:24:17 +01:00
field
Add translation to required labels on input fields
2020-12-19 22:52:45 -05:00
install
spelling: phppath
2023-03-26 20:04:07 -04:00
item
send on ctrl+enter
2023-10-11 04:09:44 +02:00
media
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
moderation
Basic functionality for seeing reports
2023-09-10 08:00:44 +00:00
notifications
add loagin="lazy" to avatar-images too
2023-10-04 11:56:46 +02:00
ostatus
Create new OStatus\Repair module class
2022-11-07 21:44:18 -05:00
post/tag
Create Post/Tag/Remove module class and route
2022-11-03 00:27:08 -04:00
profile
The "unkmail" functionality is removed
2024-01-03 10:23:11 +00:00
security
Add password length limit if using the Blowfish hashing algorithm
2022-08-01 12:12:18 -04:00
settings
User setting to disable blurring of sensitive pictures (#13883)
2024-02-10 09:50:49 +01:00
special
Fix DisplayNotFound page
2023-08-20 14:26:27 -04:00
sub
spelling: overridden
2023-03-26 16:14:16 -04:00
twofactor
Improve 2 factor usage
2022-06-25 23:04:00 +02:00
user
Create new User\Import module class
2022-11-02 11:27:31 -04:00
wall
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
widget
Issue 13859: Posts to a group in "Vier" is now possible (#13864)
2024-01-31 19:09:57 +01:00
404.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
album_edit.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
apps.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
auto_request.tpl
Rename auto_request.tpl form action template variable
2022-10-31 15:30:23 -04:00
babel.tpl
Fix several vulnerabilities (#13927)
2024-02-22 06:53:52 +01:00
birthdays_reminder.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
circle_drop.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
circle_edit.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
circle_editor.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
circle_selection.tpl
Dedicated circle name for groups
2023-06-25 20:37:11 +00:00
circle_side.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
comment_item.tpl
Add RTL support to many input fields
2021-05-20 08:39:37 -04:00
common_tabs.tpl
Added many accesskeys ...
2015-08-08 17:33:43 +02:00
community.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
confirm.tpl
Move translation strings in their own array for confirm templates
2021-10-02 13:52:54 -04:00
contact_drop_confirm.tpl
Replace remaining references to contact_template.tpl by contact/entry.tpl
2022-11-16 16:23:47 -05:00
contact_edit.tpl
Visiblity is now frequency
2023-09-16 04:20:38 +00:00
contact_head.tpl
- Remove tinyMCE mentions or convert to addeditortext()
2017-01-26 22:50:27 -05:00
contacts-head.tpl
Move /acl module to src/
2019-10-03 22:40:42 -04:00
contacts-template.tpl
[vier] Fix contacts display
2022-11-06 17:41:10 +01:00
content_wrapper.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
content.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
conversation.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
credits.tpl
use section_title.tpl for page title
2015-10-30 18:05:45 +01:00
delegation.tpl
Refactor Delegation modules
2023-10-14 14:15:40 -04:00
diaspora_vcard.tpl
update MF2 and vcard data for issue #2629
2016-06-21 10:23:43 -04:00
directory_header.tpl
Replace remaining references to contact_template.tpl by contact/entry.tpl
2022-11-16 16:23:47 -05:00
directory_item.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
display-head.tpl
Restore auto-complete feature in comments forms
2020-12-27 20:36:33 -05:00
event_stream_item.tpl
Unescape stream event title
2019-07-28 21:46:43 -04:00
events_reminder.tpl
Move mod/cal.php and mod/events.php to Module
2022-11-07 19:52:24 +01:00
exception.tpl
Ensure arbitrary HTTPException messages are HTML escaped
2023-02-04 20:36:33 -05:00
feedtest.tpl
add feedback
2019-05-05 17:02:17 +02:00
field_checkbox.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_combobox.tpl
Use double quotes where possible
2024-01-07 21:48:22 +01:00
field_custom.tpl
Use double quotes where possible
2024-01-07 21:48:22 +01:00
field_datetime.tpl
Use double quotes where possible
2024-01-07 21:48:22 +01:00
field_input.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_intcheckbox.tpl
Use double quotes where possible
2024-01-07 21:48:22 +01:00
field_openid.tpl
Use double quotes where possible
2024-01-07 21:48:22 +01:00
field_password.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_radio.tpl
Use double quotes where possible
2024-01-07 21:48:22 +01:00
field_select_raw.tpl
Normalize field_*.tpl formatting
2019-02-03 15:33:59 -05:00
field_select.tpl
Use double quotes where possible
2024-01-07 21:48:22 +01:00
field_textarea.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field_themeselect.tpl
Clean up smarty templates.
2024-01-07 21:40:01 +01:00
field.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
filer_dialog.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
files.tpl
Remove uses of HTML escaping in Smarty templates
2018-12-16 22:38:30 -05:00
footer.tpl
Add new footer hook
2018-09-20 21:01:05 -04:00
friendica.tpl
add a nofollow to the blocklist export link
2022-10-26 07:30:46 +02:00
fsuggest.tpl
Move mod/fsuggest to src/Module/SuggestFriends
2020-01-31 23:50:46 +01:00
generic_links_widget.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
head.tpl
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
hide_comments.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
home.tpl
Move mod/home to src/Module/Home
2019-05-04 13:08:31 +02:00
hovercard.tpl
improve button-icon for groups in hovercard
2023-10-03 09:00:11 +02:00
http_status.tpl
Ensure arbitrary HTTPException messages are HTML escaped
2023-02-04 20:36:33 -05:00
infinite_scroll_head.tpl
Removing the page number from the infinite scrolling
2020-09-26 21:46:22 +00:00
invite.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
jot_geotag.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
jot-header.tpl
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
jot.tpl
Emojis are now added either in comments or starting posts - but not both
2023-05-06 21:46:40 +00:00
like_noshare.tpl
Rename dolike to doActivityItem
2021-01-31 08:39:47 -05:00
login_head.tpl
eliminate Cropper conflicts with jQuery
2013-06-01 10:42:51 -06:00
login.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
logout.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
lostpass.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
mail_conv.tpl
spelling: height
2023-03-26 16:03:23 -04:00
mail_display.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
mail_head.tpl
Remove unused template variable $tabcontent in mail_head.tpl
2018-12-19 06:39:36 -05:00
mail_list.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
message_side.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
message-head.tpl
Fix new private message recipient input
2020-09-03 10:01:58 -04:00
micropro_img.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
micropro_txt.tpl
move html from function micropro() to own templates
2016-06-25 18:46:47 +02:00
msg-header.tpl
Fix Smarty reference to version constant after it was moved to App class (#13769)
2023-12-25 19:26:19 +01:00
nav_head.tpl
rework autocomplete: some cleanup and docu
2016-01-24 19:56:23 +01:00
nav.tpl
Channels are a new way to see different content
2023-09-01 21:56:59 +00:00
nogroup-template.tpl
Replace remaining references to contact_template.tpl by contact/entry.tpl
2022-11-16 16:23:47 -05:00
oauth_authorize.tpl
Apply suggestions from code review
2021-05-12 17:32:55 +02:00
oembed_video.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
page_tabs.tpl
Create new page_tabs template
2020-08-06 22:59:09 -04:00
paginate.tpl
Only shown pagination when not empty.
2018-04-22 20:44:22 +00:00
photo_album.tpl
Add RTL support for post titles and photo captions
2021-05-20 08:39:36 -04:00
photo_albums.tpl
Create /profile/{nickname}/photos route
2022-11-20 17:15:07 -05:00
photo_edit_head.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
photo_edit.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
photo_item.tpl
Add RTL support for item body in search and photo body
2021-05-19 10:36:25 -04:00
photo_top.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
photo_view.tpl
Move mod/lockview to Module\PermissionTooltip
2020-07-27 01:58:53 -04:00
photos_default_uploader_box.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
photos_default_uploader_submit.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
photos_head.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00
photos_recent.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
photos_upload.tpl
Create /profile/{nickname}/photos route
2022-11-20 17:15:07 -05:00
probe.tpl
Issue 9743: Added translatable texts
2021-03-08 21:17:27 +00:00
prv_message.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
pwdreset.tpl
HTML escaping
2019-05-10 10:52:53 +02:00
register.tpl
spelling: explicit
2023-03-26 16:03:23 -04:00
scroll_loader.tpl
Escape values to input fields (and some 'title' and 'alt')
2015-02-16 09:30:12 +01:00
search_item.tpl
Normalize item action label key name
2023-07-09 21:00:36 -04:00
searchbox.tpl
Replace path parameter with query string parameter in Module\Search\Saved
2019-10-13 08:39:41 -04:00
section_title.tpl
Make frio more consistent by replacing textual links with icons everywhere. (#5415)
2018-07-21 07:31:05 -04:00
shared_content.tpl
Update view/templates/shared_content.tpl
2023-11-19 13:45:32 +01:00
smilies.tpl
Move mod/smilies to src/Module/Smilies
2019-05-05 19:39:02 +02:00
structure.tpl
Handling of special characters
2021-06-14 12:38:42 +00:00
tables.tpl
Handling of special characters
2021-06-14 12:38:42 +00:00
theme_admin_settings.tpl
Vier: Avoid an error when calling the admin settings of "vier" when "vier" is not activated.
2015-10-05 17:38:57 +02:00
theme_settings.tpl
Empty template to avoid errors when installing themes.
2014-04-29 13:33:39 +02:00
threaded_conversation.tpl
Remove whitespace from opening HTML tag ending
2021-05-20 08:39:36 -04:00
toggle_mobile_footer.tpl
removed old comment that is no longer true
2014-09-06 00:14:25 +02:00
tos.tpl
Rules added
2022-12-03 21:15:08 +00:00
uexport.tpl
"get_baseurl" and "z_root" are disappearing ...
2016-02-17 23:47:32 +01:00
video_top.tpl
Preview for Videos and images / Video resolution selection
2021-04-28 19:05:46 +00:00
videos_head.tpl
Remove references to video.js
2018-01-22 20:45:42 -05:00
videos_recent.tpl
basic video playback support using VideoJS
2013-05-03 18:17:56 -06:00
voting_fakelink.tpl
Avoid escaping relevant template variables
2018-12-16 22:38:32 -05:00
wall_thread.tpl
Merge pull request #13268 from MrPetovan/task/normalize-item-action-label
2023-07-10 10:01:50 +02:00
webfinger.tpl
Issue 9743: Added translatable texts
2021-03-08 21:17:27 +00:00
welcome.tpl
Replace "group" with "circle" in the rest of the code
2023-05-27 22:01:45 -04:00