mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-06-01 09:53:02 +00:00
Commit graph

896 commits

Author SHA1 Message Date
Starbeamrainbowlabs 021ebaea22
Fix crash when loading the stats page 2022-01-05 02:47:28 +00:00
Starbeamrainbowlabs 4853c1f604
fix login when hosting Pepperminty Wiki in a subdirectory 2021-09-30 21:26:30 +01:00
Starbeamrainbowlabs 7cf545a3ca
Fix more intelligent returnto redirect 2021-09-30 21:06:07 +01:00
Starbeamrainbowlabs fa407ce99d
login: regenerate session token on login; make returnto sanitisation more intelligent 2021-09-27 21:32:39 +01:00
Starbeamrainbowlabs 4f3a1c3757
Display returnto URL above the login form if present to further mitigate CSRF issues 2021-09-27 20:51:12 +01:00
Starbeamrainbowlabs 7b6cbbe821
feature-upload: ensure that Javascript in SVG images does not execute
My first time using Content-Security-Policy. Yay!

It's real powerful, but I have yet to find a good generator to help me 
create more complex policies. In this case, the policy allows everything 
by default, but disables all Javascript.

This new Content-Security-Policy header is served for all image 
previews.
2021-09-21 14:04:42 +01:00
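Added example of the technique this commit describes, written for this page and not taken from Pepperminty Wiki's upload module: every image preview is served with a Content-Security-Policy that permits all sources by default but forbids every script, so JavaScript inside an uploaded SVG does not execute when the SVG is opened directly. The policy string, the function names and the sample SVG are assumptions, not the project's own.

```php
<?php
// Added example, not Pepperminty Wiki's own code. Function names, the exact
// policy string and the sample SVG are assumptions for illustration.

/** Policy: anything may load, but no script may execute (inline, external, or event handler). */
function preview_csp(): string {
    return "default-src *; script-src 'none'";
}

/** Headers every preview response should carry. Returned as an array so they can be inspected. */
function preview_headers(string $mime, int $length): array {
    return [
        "Content-Type"            => $mime,
        "Content-Security-Policy" => preview_csp(),
        // Stop the browser from re-sniffing an image as something scriptable.
        "X-Content-Type-Options"  => "nosniff",
        "Content-Length"          => (string)$length,
    ];
}

/** Send the preview body with the protective headers ($mime and $body assumed to come from the upload store). */
function serve_preview(string $mime, string $body): void {
    foreach (preview_headers($mime, strlen($body)) as $name => $value) {
        header("$name: $value");
    }
    echo $body;
}

// Constructed sample input: an SVG carrying both an inline <script> and an
// event-handler attribute. Under script-src 'none' neither runs when the file
// is rendered as the top-level document.
const SAMPLE_SVG = <<<'SVG'
<svg xmlns="http://www.w3.org/2000/svg" width="40" height="40" onload="alert(1)">
  <script>alert('script stored inside an upload');</script>
  <circle cx="20" cy="20" r="15"/>
</svg>
SVG;

serve_preview("image/svg+xml", SAMPLE_SVG);
```

Two caveats a practitioner will want: the header only matters when the SVG is rendered as a document (direct navigation, an iframe or an object tag), because inside an `<img>` element browsers never run SVG scripts anyway; and `default-src *` covers URLs, not inline content, so an uploaded SVG that relies on an inline `<style>` element will lose that styling unless the policy also grants `style-src 'unsafe-inline'`.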
Starbeamrainbowlabs f59e68127c
Ensured that the returnto GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) 2021-09-21 13:40:12 +01:00
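Added example covering this commit together with the later "regenerate session token on login; make returnto sanitisation more intelligent" and "Display returnto URL above the login form" commits. It is illustrative code written for this page, not Pepperminty Wiki's own login handler: the constant and function names, the base path and the assumption that the session token is a PHP session are all assumptions.

```php
<?php
// Added example, not Pepperminty Wiki's own code. WIKI_BASE_PATH, the function
// names and the use of PHP sessions are assumptions for illustration.

const WIKI_BASE_PATH = "/wiki/";                       // assumed: directory that holds index.php
const WIKI_DEFAULT_TARGET = WIKI_BASE_PATH . "index.php";

/**
 * Return a redirect target that stays on this instance, or the default
 * page when $returnto would leave it. Rejected inputs:
 *  - anything carrying a scheme, host, port or userinfo (https://evil.example, //evil.example)
 *  - backslashes, which some browsers read as slashes ("/\evil.example")
 *  - control characters, which would otherwise invite header injection
 *  - ".." segments, and absolute paths that sit outside WIKI_BASE_PATH
 */
function sanitise_returnto(?string $returnto): string {
    if ($returnto === null || $returnto === "") return WIKI_DEFAULT_TARGET;
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $returnto)) return WIKI_DEFAULT_TARGET;

    $parts = parse_url($returnto);
    if ($parts === false) return WIKI_DEFAULT_TARGET;
    foreach (["scheme", "host", "port", "user", "pass"] as $forbidden) {
        if (isset($parts[$forbidden])) return WIKI_DEFAULT_TARGET;
    }

    $path = $parts["path"] ?? "";
    if (in_array("..", explode("/", $path), true)) return WIKI_DEFAULT_TARGET;
    if ($path !== "" && $path[0] === "/" && strpos($path, WIKI_BASE_PATH) !== 0) {
        return WIKI_DEFAULT_TARGET;               // absolute path outside the wiki directory
    }

    $safe = $path;                                // relative or in-wiki path: keep it
    if (isset($parts["query"]))    $safe .= "?" . $parts["query"];
    if (isset($parts["fragment"])) $safe .= "#" . $parts["fragment"];
    return $safe === "" ? WIKI_DEFAULT_TARGET : $safe;
}

/** Notice shown above the login form plus the hidden field that carries the target (assumed markup). */
function render_returnto_notice(string $safe_target): string {
    $escaped = htmlspecialchars($safe_target, ENT_QUOTES | ENT_HTML5, "UTF-8");
    return "<p>After logging in you will be sent to <code>{$escaped}</code>.</p>\n"
         . "<input type=\"hidden\" name=\"returnto\" value=\"{$escaped}\">\n";
}

/** On a successful login: rotate the session identifier, then redirect to the sanitised target. */
function finish_login(?string $requested_returnto): void {
    session_regenerate_id(true);                  // a fresh id defeats session fixation
    header("Location: " . sanitise_returnto($requested_returnto), true, 302);
    exit;
}

// Constructed inputs: a legitimate link and several attempts to leave the instance.
foreach ([
    "index.php?action=view&page=Main%20Page",
    "?action=edit&page=Sandbox",
    "https://evil.example/phish",
    "//evil.example/phish",
    "/\\evil.example",
    "javascript:alert(1)",
    "/wiki/../../other-app",
] as $candidate) {
    echo str_pad($candidate, 42), " -> ", sanitise_returnto($candidate), "\n";
}
```

Showing the sanitised target on the login page, as the later commit does, lets the user see where they will land before they submit credentials; the escaping in `render_returnto_notice()` matters because the value is still attacker-influenced even after validation.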
Starbeamrainbowlabs 4be6a181cb
Bugfix: XSS in format GET param of stats action 2021-09-21 13:29:27 +01:00
Starbeamrainbowlabs 14eb9e0d41
fixup 2021-09-03 02:04:49 +01:00
Starbeamrainbowlabs edd1702ea3
page-sitemap: tweak description 2021-09-03 02:04:41 +01:00
Starbeamrainbowlabs ec0b556892
recent changes: fix broken character when displaying page moves 2021-09-03 02:01:24 +01:00
Starbeamrainbowlabs de4536e173
page-view: XSS again again again 2021-09-03 01:50:09 +01:00
Starbeamrainbowlabs fef9102393
page-move: htmlentities & returnto support in login URLs 2021-09-03 01:41:51 +01:00
Starbeamrainbowlabs c0c2bd7f6a
page-login: minor htmlentities for breakfast, lunch, and tea 2021-09-03 01:37:11 +01:00
Starbeamrainbowlabs e2517c0b20
page-list: Yep, you guessed it! XSS again..... 2021-09-03 01:34:38 +01:00
Starbeamrainbowlabs 7aaded1f40
page-help: Add formats to data size bar on ?action=help&dev=yes 2021-09-03 01:29:49 +01:00
Starbeamrainbowlabs 9bd69b1b01
page-export: XSS 2021-09-03 01:26:14 +01:00
Starbeamrainbowlabs 42ad55c849
page-edit: XSS 2021-09-03 01:23:42 +01:00
Starbeamrainbowlabs 3f286b4cda
page-delete: fix XSS 2021-09-03 01:16:29 +01:00
Starbeamrainbowlabs 54166c9b79
page-credits: htmlentities *everywhere* 2021-09-03 01:12:49 +01:00
Starbeamrainbowlabs 4dda12d195
feature-watchlist: minor XSS improvements 2021-09-03 01:10:54 +01:00
Starbeamrainbowlabs 2844a47f9f
feature-user-table: fix potential obscure XSS attack 2021-09-03 01:08:27 +01:00
Starbeamrainbowlabs 2d6bf1df70
feature-user-preferences: fix potential XSS vulnerabilities 2021-09-03 01:01:38 +01:00
Starbeamrainbowlabs 227a7ac662
feature-upload: fix potential XSS attacks 2021-09-03 00:42:36 +01:00
Starbeamrainbowlabs 6dd3e52a9c
feature-theme-gallery: fill in help text 2021-09-03 00:26:55 +01:00
Starbeamrainbowlabs 538f899018
feature-stats: minor admindetails_name issue 2021-09-03 00:14:53 +01:00
Starbeamrainbowlabs 98485e7bd2
feature-search: fix potential XSS 2021-09-03 00:00:49 +01:00
Starbeamrainbowlabs d977d594e6
feature-recent-changes: fix typo 2021-09-02 23:02:01 +01:00
Starbeamrainbowlabs 0ff5ab20ec
feature-interwiki-links: fix potential XSS attack 2021-09-02 23:00:50 +01:00
Starbeamrainbowlabs b5b38166ac
feature-history: fix potential XSS attack 2021-09-02 22:58:19 +01:00
Starbeamrainbowlabs 3f61c9eac0
feature-guiconfig: fix potential obscure XSS 2021-09-02 22:53:59 +01:00
Starbeamrainbowlabs 80f77a93b5
feature-comments: fix potential XSS 2021-09-02 22:50:00 +01:00
Starbeamrainbowlabs a1259ec8d9
action-random: use new slugify() function 2021-09-02 22:39:10 +01:00
Starbeamrainbowlabs bacfc11723
fixup 2021-09-02 22:29:48 +01:00
Starbeamrainbowlabs 51be347000
action-protect: fix 2021-09-02 22:29:39 +01:00
Starbeamrainbowlabs f400da6dce
Page renderer: Automatically run htmlentities() on all titles 2021-09-02 21:34:40 +01:00
Starbeamrainbowlabs e0f65c2e65
action-hash: fix potential XSS in string GET param 2021-09-02 21:27:26 +01:00
Starbeamrainbowlabs b6fc5941b7
feature-watchlist: fix format GET parameter 2021-09-02 21:23:31 +01:00
Starbeamrainbowlabs dfe76d1d9b
feature-watchlist: Fix Potential XSS in do GET parameter 2021-09-02 21:21:17 +01:00
Starbeamrainbowlabs 96546184dc
Implement simple slugify function
I suspect I may have to fix a number of issues here.....
2021-09-02 21:19:31 +01:00
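Added example illustrating the two complementary defences the surrounding commits apply to GET parameters: an allowlisting slugify() for values used as identifiers (action names, the `do` and `format` parameters) and output encoding for any value that is reflected into a page. This is illustrative code written for this page; Pepperminty Wiki's own slugify() is not shown on this page and the behaviour, names and sample input below are assumptions.

```php
<?php
// Added example, not Pepperminty Wiki's own slugify() or renderer. The
// function names, the allowed-format list and the sample request are assumptions.

/** Allowlist an identifier: lower-case, [a-z0-9] runs separated by single dashes, bounded length. */
function slugify(string $value, int $max_length = 64): string {
    $value = strtolower($value);
    $value = preg_replace('/[^a-z0-9]+/', '-', $value);
    $value = trim($value, '-');
    return substr($value, 0, $max_length);
}

/** Encode text for an HTML body or attribute context. */
function esc(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, "UTF-8");
}

/** Resolve a requested output format against a fixed set; unknown values fall back instead of being echoed. */
function choose_format(?string $requested, array $allowed = ["html", "json", "csv"]): string {
    $slug = slugify($requested ?? "html");
    return in_array($slug, $allowed, true) ? $slug : "html";
}

/** Vulnerable pattern: the raw parameter lands in the page. Kept only to contrast with the fix. */
function render_stats_heading_unsafe(array $get): string {
    return "<h1>Statistics (" . ($get["format"] ?? "html") . ")</h1>";
}

/** Hardened pattern: allowlist first, then encode whatever is printed. */
function render_stats_heading(array $get): string {
    return "<h1>Statistics (" . esc(choose_format($get["format"] ?? null)) . ")</h1>";
}

/** When the user's own text must be shown back (e.g. "no such page"), encoding alone is the right tool. */
function render_missing_page(string $requested_page): string {
    return "<p>No page named <strong>" . esc($requested_page) . "</strong> exists.</p>";
}

// Constructed request: an attacker-supplied format parameter.
$sample_get = ["format" => "<script>alert(document.cookie)</script>"];

echo "unsafe:   ", render_stats_heading_unsafe($sample_get), "\n";
echo "hardened: ", render_stats_heading($sample_get), "\n";
echo render_missing_page("Main Page<img src=x onerror=alert(1)>"), "\n";
```

slugify() is deliberately lossy, so it suits values that are compared against a known set and must never be used as a substitute for encoding when the user's original text has to be displayed; for that case `esc()` keeps the text intact while neutralising it.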
Starbeamrainbowlabs 0a77065c3f
Bugfix: Fix stored XSS attack - ref CVE-2021-38600
See https://github.com/hmaverickadams/CVE-2021-38600

For some reason the author did not think it wise to let me know 
privately first - instead publicly announcing it via a GitHub repo..... 
sigh.

In addition, is this *really* a vulnerability? Since Pepperminty Wiki 
requires the site secret to set it up, I can't see that this has a real 
impact.

Still, I'll fix it anyway.....
2021-09-02 20:54:06 +01:00
Starbeamrainbowlabs fab1b52882
Bugfix: fix error handling logic 2021-08-15 21:46:19 +01:00
Starbeamrainbowlabs ba70f74a96
Added automatic system requirements indicator to first run 2021-08-06 01:50:08 +01:00
Starbeamrainbowlabs e7b3f5e0d0
feature-upload: add function / class existence checks where functions from php extensions are required 2021-08-06 01:49:59 +01:00
Starbeamrainbowlabs fb9eec2d33
Fix & improve sidebar 2021-07-21 00:44:31 +01:00
Starbeamrainbowlabs 86206195b6
Fix crash when using the search bar in recent versions of php 2021-07-20 23:54:56 +01:00
Starbeamrainbowlabs 0c9934038c
feature-cli: fix typo 2021-06-10 20:11:53 +01:00
Starbeamrainbowlabs 26f5838ce0
Add experimental [display text](./Page Name.md) style internal links
This is transparently handled by a wrapper around inlineLink, which 
conditionally bails by returning the parent if parsing fails. It then 
~~ab~~uses inlineInternalLink to provide proper internal link support.

Fixes #190.
2021-04-11 21:47:41 +01:00
Starbeamrainbowlabs 77880d9410
search: properly apply weightings in titles and tags 2021-02-10 22:17:38 +00:00
Starbeamrainbowlabs e76eaf5963
feature-stats: bump version 2020-11-20 21:20:05 +00:00