Commit Graph

926 Commits

Author SHA1 Message Date
Starbeamrainbowlabs 4dda12d195
feature-watchlist: minor XSS improvements 2021-09-03 01:10:54 +01:00
Starbeamrainbowlabs 2844a47f9f
feature-user-table: fix potential obscure XSS attack 2021-09-03 01:08:27 +01:00
Starbeamrainbowlabs 2d6bf1df70
feature-user-preferences: fix potential xss vulnerabilities 2021-09-03 01:01:38 +01:00
Starbeamrainbowlabs 227a7ac662
feature-upload: fix potential XSS attacks 2021-09-03 00:42:36 +01:00
Starbeamrainbowlabs 6dd3e52a9c
feature-theme-gallery: fill in help text 2021-09-03 00:26:55 +01:00
Starbeamrainbowlabs 538f899018
feature-stats: minor admindetails_name issue 2021-09-03 00:14:53 +01:00
Starbeamrainbowlabs 98485e7bd2
feature-search: fix potential XSS 2021-09-03 00:00:49 +01:00
Starbeamrainbowlabs d977d594e6
feature-recent-changes: fix typo 2021-09-02 23:02:01 +01:00
Starbeamrainbowlabs 0ff5ab20ec
feature-interwiki-links: fix potential XSS attack 2021-09-02 23:00:50 +01:00
Starbeamrainbowlabs b5b38166ac
feature-history: fix potential XSS attack 2021-09-02 22:58:19 +01:00
Starbeamrainbowlabs 3f61c9eac0
feature-guiconfig: fix potential obscure XSS 2021-09-02 22:53:59 +01:00
Starbeamrainbowlabs 80f77a93b5
feature-comments: fix potential XSS 2021-09-02 22:50:00 +01:00
Starbeamrainbowlabs a1259ec8d9
action-random: use new slugify() function 2021-09-02 22:39:10 +01:00
Starbeamrainbowlabs bacfc11723
fixup 2021-09-02 22:29:48 +01:00
Starbeamrainbowlabs 51be347000
action-protect: fix 2021-09-02 22:29:39 +01:00
Starbeamrainbowlabs f400da6dce
Page renderer: Automatically run htmlentities() on all titles 2021-09-02 21:34:40 +01:00
Starbeamrainbowlabs e0f65c2e65
action-hash: fix potential XSS in string GET param 2021-09-02 21:27:26 +01:00
Starbeamrainbowlabs b6fc5941b7
feature-watchlist: fix format GET parameter 2021-09-02 21:23:31 +01:00
Starbeamrainbowlabs dfe76d1d9b
feature-watchlist: Fix Potential XSS in do GET parameter 2021-09-02 21:21:17 +01:00
Starbeamrainbowlabs 96546184dc
Implement simple slugify function
I suspect I may have to fix a number of issues here.....
2021-09-02 21:19:31 +01:00
Starbeamrainbowlabs 0a77065c3f
Bugfix: Fix stored XSS attack - ref CVE-2021-38600
See https://github.com/hmaverickadams/CVE-2021-38600

For some reason the author did not think it wise to let me know 
privately first - instead publicly announcing it via a GitHub repo..... 
sigh.

In addition, is this *really* a vulnerability? Since Pepperminty Wiki 
requires the site secret to set it up, I can't see that this has a real 
impact.

Still, I'll fix it anyway.....
2021-09-02 20:54:06 +01:00
Starbeamrainbowlabs fab1b52882
Bugfix: fix error handling logic 2021-08-15 21:46:19 +01:00
Starbeamrainbowlabs ba70f74a96
Added automatic system requirements indicator to first run 2021-08-06 01:50:08 +01:00
Starbeamrainbowlabs e7b3f5e0d0
feature-upload: add function / class existence checks where functions from php extensions are required 2021-08-06 01:49:59 +01:00
Starbeamrainbowlabs fb9eec2d33
Fix & improve sidebar 2021-07-21 00:44:31 +01:00
Starbeamrainbowlabs 86206195b6
Fix crash when using the search bar in recent versions of php 2021-07-20 23:54:56 +01:00
Starbeamrainbowlabs 0c9934038c
feature-cli: fix typo 2021-06-10 20:11:53 +01:00
Starbeamrainbowlabs 26f5838ce0
Add experimental [display text](./Page Name.md) style internal links
This is transparently handled by a wrapper around inlineLink, which 
conditionally bails by returning the parent if parsing fails. It then 
~~ab~~uses inlineInternalLink to provide proper internal link support.

Fixes #190.
2021-04-11 21:47:41 +01:00
Starbeamrainbowlabs 77880d9410
search: properly apply weightings in titles and tags 2021-02-10 22:17:38 +00:00
Starbeamrainbowlabs e76eaf5963
feature-stats: bump version 2020-11-20 21:20:05 +00:00
Starbeamrainbowlabs 05314c464e
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki 2020-11-20 21:13:42 +00:00
Starbeamrainbowlabs d29b87eb6d
Make the statistic update system more resilient 2020-11-20 21:13:31 +00:00
Popol d5e4332652
typo 2020-11-07 13:15:48 +01:00
Starbeamrainbowlabs 880c9e3796
Send `x-robots-tag: noindex,nofollow` with the login page
SemrushBot, you better obey this one
2020-10-26 18:59:53 +00:00
Starbeamrainbowlabs 2677bb8143
page-sitemap: add module 2020-10-26 18:26:59 +00:00
Starbeamrainbowlabs 7b3f06d539
page-credits: add page-sitemap support 2020-10-26 18:26:52 +00:00
Starbeamrainbowlabs d7128eed0e
api-status: add sitemap_url property if the page-sitemap module is present 2020-10-26 18:26:33 +00:00
Starbeamrainbowlabs 6abbdc4d1e
recent-changes: deduplicate in atom
feed generation
2020-10-26 18:24:53 +00:00
Starbeamrainbowlabs 7dd9bd74c4
Add support for creating pages whose name is not yet known - fixes #194 2020-10-25 22:50:03 +00:00
Starbeamrainbowlabs cfd087d919
Add MPL 2.0 short header to core code files 2020-09-23 23:22:39 +01:00
Starbeamrainbowlabs dfca17d1cf
more of the same - this time in page / tag lists 2020-08-31 21:02:49 +01:00
Starbeamrainbowlabs 9fad95035b
Fix inbody:searchterm advanced query syntax - fixes #210 (thanks to @SeanFromIT for the report) 2020-08-19 16:59:54 +01:00
Starbeamrainbowlabs 9b109face2
Merge pull request #206 from SeanFromIT/master
adding WikiProject Paranormal
2020-08-19 14:43:05 +01:00
Starbeamrainbowlabs b30d70927b
parser-parsedown: bump version 2020-08-18 13:52:44 +01:00
Starbeamrainbowlabs c2e4a04778
Fix #209 2020-08-18 13:49:16 +01:00
Sean Feeney c598dfbf6d
phrasing fix 2020-08-14 18:55:27 -07:00
Starbeamrainbowlabs 8a05d79724
similar pages: tweak text 2020-08-11 18:13:47 +01:00
Starbeamrainbowlabs b1381552f0
feature-readingtime: improve algorithm by stripping markdown syntax 2020-08-11 15:46:34 +01:00
Starbeamrainbowlabs 89d835afa5
Don't redirect when clicking on a redirect page in the recent changes list 2020-08-11 01:02:17 +01:00
Starbeamrainbowlabs 93bff09422
Update hide_email implementation
It now requires Javascript to decode the email address. If this is a 
problem for whatever reason, please get in touch by opening an issue. I 
take accessibility very seriously.
2020-08-09 23:53:29 +01:00
Starbeamrainbowlabs 272fdea0ee
parser-parsedown: tweak help again 2020-08-09 17:11:12 +01:00
Starbeamrainbowlabs 9a0b2d6ba7
parser-parsedown: improve heading id documentation 2020-08-09 13:04:29 +01:00
Starbeamrainbowlabs c0fa5b8ae4
Finish improvements to pageindex rebuilder
also squash warning from stats engine during the firstrun wizard
2020-08-08 22:01:12 +01:00
Starbeamrainbowlabs 3b799cbcba
parser-parsedown: fix templating 2020-08-08 01:54:10 +01:00
Starbeamrainbowlabs ddb7cd9c18
action-raw: add new typeheader GET parameter 2020-08-08 01:18:01 +01:00
Starbeamrainbowlabs bbb3fc32ee
parser-parsedown: Add quick reference points in comments 2020-08-08 00:56:16 +01:00
Starbeamrainbowlabs 75c15d66b2
page-move: Ensure that the new subpage actually exists - fixes #201 2020-08-06 15:47:41 +01:00
Starbeamrainbowlabs b25c144f1e
Bump module versions 2020-08-06 15:29:15 +01:00
Starbeamrainbowlabs e3e2a01435
Improve PDF preview when embedded in pages - fixes #202 2020-08-06 15:28:24 +01:00
Starbeamrainbowlabs 1ec1705a62
Standardise error_log prefixes to aid clarity in multi-wiki environments 2020-07-28 19:42:41 +01:00
Starbeamrainbowlabs 7d93aa6a10
Overhaul the way we use setcookie()
- Use SameSite=Strict to avoid issues in modern browsers & prevent 
session-stealing attacks
 - Use Secure when requests run over HTTPS by default to avoid 
downgrade-based session-stealing attacks
 - Add warning for PHP <= 7.2, as it doesn't support SameSite in 
setcookie().
2020-07-28 19:40:22 +01:00
Starbeamrainbowlabs 0f23ce3fd1
redirect: fix redirect logic 2020-07-12 14:45:56 +01:00
Starbeamrainbowlabs 36e8fe2a17
feature-search: remove debugging 2020-07-11 01:00:16 +01:00
Starbeamrainbowlabs 31253edff4
feature-search: properly break reference after pointer foreach
ref https://bugs.php.net/bug.php?id=70387
2020-07-11 00:39:05 +01:00
Starbeamrainbowlabs 521b66394c
add missing variable name 2020-07-10 23:23:32 +01:00
Starbeamrainbowlabs 86216fd4c1
search: squash file_get_contents warning, but more insight is needed. closes #193. 2020-07-10 23:22:30 +01:00
Starbeamrainbowlabs b4e4094451
Bugfix libsearchengine: fix handling of exclusions that are in both the body and the title 2020-07-10 23:04:59 +01:00
Starbeamrainbowlabs 41009bb810
avatar: fix typo in uploaded avatar name & add new avatars_gravatar_enable setting 2020-07-10 19:46:06 +01:00
Starbeamrainbowlabs 450c2485ae
debug: obscure even more secrets 2020-07-09 00:44:13 +01:00
Starbeamrainbowlabs fae6e3ecae
debug: hide more secret stuff 2020-07-09 00:22:27 +01:00
Starbeamrainbowlabs 67fdba2baf
Security: Fix logic in page-debug 2020-07-09 00:15:54 +01:00
Starbeamrainbowlabs edc1a694dd
feature-comments: add 2 new settings 2020-07-08 19:35:42 +01:00
Starbeamrainbowlabs d94fc42547
Bugfix feature-redirect: fix typo in variable name 2020-07-07 21:19:50 +01:00
Starbeamrainbowlabs 47b5855396
feature-redirect: fix comment 2020-07-07 21:15:14 +01:00
Starbeamrainbowlabs 8aff75a805
Bugfix: Don't redirect when navigating to a redirect page from a page list 2020-07-07 21:11:13 +01:00
Starbeamrainbowlabs 1813fe73e2
Add absolute redirects 2020-07-07 21:10:38 +01:00
Starbeamrainbowlabs beb4e2e968
noindex, nofollow login pages to try and stop bots from getting into infinite loops 2020-06-11 20:52:25 +01:00
Starbeamrainbowlabs 237d10f908
Bugfix: Display link when redirect page sends user to another page that doesn't exist
Note that this only shows for users with permission to edit the target page at the moment.
2020-06-04 19:11:29 +01:00
Starbeamrainbowlabs 79ddc234d2
Bugfix: Squash warning when determining language in the fenced code block extensions 2020-06-04 01:42:29 +01:00
Starbeamrainbowlabs 90a2a3f6c6
Bugfix: Only show similar page suggestions if we're on the view action 2020-06-04 01:15:10 +01:00
Starbeamrainbowlabs 94bda35906
Add some basic style rules to make the suggested pages look less terrible
Particularly with the photo theme we need to do some more work....
2020-05-26 13:16:33 +01:00
Starbeamrainbowlabs 27b4d57c46
Bugfix: only replace the first instance when inserting the estimated reading time 2020-05-25 21:26:36 +01:00
Starbeamrainbowlabs e55308f50a
Display basic similar page suggestions.
They are even appearing in the right place!
Next up, we need to write the CSS to make it look pretty :D
2020-05-25 21:15:19 +01:00
Starbeamrainbowlabs 5693c24358
Remove rogue semicolon 2020-05-25 00:32:26 +01:00
Starbeamrainbowlabs 725611ace4
readingtime: remove temporary error_log lines 2020-05-25 00:25:02 +01:00
Starbeamrainbowlabs d9024cbe59
readingtime: limit replacements to the 1st occurrence 2020-05-24 21:50:09 +01:00
Starbeamrainbowlabs cd96e43e0f
Add reading time estimation
Disable with readingtime_enabled.
Also add new class system-text-insert for all things that appear below a 
wiki page's title <h1> and the beginning of the body text
2020-05-24 21:47:40 +01:00
Starbeamrainbowlabs 6c11ef4957
parser: add id to automatic table of contents heading 2020-05-23 23:00:46 +01:00
Starbeamrainbowlabs 262e0eaadd
pser: fix issues in help text 2020-05-23 22:43:32 +01:00
Starbeamrainbowlabs eecdfa535b
pser: add super/sub script syntax to help text 2020-05-23 22:41:43 +01:00
Starbeamrainbowlabs 52e25a16a7
parser: update help text 2020-05-23 22:37:42 +01:00
Starbeamrainbowlabs 9a4467bc9f
parser/table of contents: ensure [__TOC__] is on a line by itself 2020-05-23 22:30:12 +01:00
Starbeamrainbowlabs 2b7add3f4f
parser: add table of contents support 2020-05-23 22:28:33 +01:00
Starbeamrainbowlabs c4d0cc42d7
parser: make internal link syntax non-greedy. Why the heck was it working before?
I guess we'll never know......
2020-05-23 20:40:30 +01:00
Starbeamrainbowlabs 48567a96a8
parser: Add spoiler syntax, and fix regexes for other inline extensions 2020-05-23 20:38:01 +01:00
Starbeamrainbowlabs 764680b3c3
parser-parsedown: Add sub/superscript 2020-05-23 18:44:55 +01:00
Starbeamrainbowlabs 69cbda5e79
parser-parsedown: add marked text support
Also update help text
2020-05-23 12:57:04 +01:00
Starbeamrainbowlabs 908f14f92c
suggest-similar: update apidoc comment 2020-05-23 12:56:46 +01:00
Starbeamrainbowlabs 04bb67f505
Fiddle with parsedown versions, remove ParsedownExtreme, and add our own checkbox implementation 2020-05-23 02:06:59 +01:00
Starbeamrainbowlabs a0f6e89643
Start implementing similar pages system, but it's not finished yet
We have the backend suggestion system done, but not the UI.
I can tell that this is going to require lots of tweaking to get just 
right. I suspect it might be a good idea to explore some possible 
tweakable settings we can add to allow people to tweak the engine to 
better suit their individual setups.
2020-05-22 21:22:07 +01:00