1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00
Commit graph

481 commits

Author SHA1 Message Date
7698290ee5
unpacking: catch all possible errors from ZipArchive->open()
Thanks, @daveschroeter
For #249, but does NOT fix it
2023-10-12 00:51:25 +01:00
b2b9606622
Bugfix: correct help page link for interwiki links 2023-09-10 13:46:50 +01:00
0eca133679
update changelog 2023-02-19 02:18:53 +00:00
63771c4078
Bump version for v0.24! 2023-02-19 01:51:05 +00:00
0e675f4c6f
parsedown: fix templating under circumstances 2023-01-26 20:51:07 +00:00
c6fb3cdd6e
credits: fix typo
fixes #233
2022-09-17 17:36:20 +01:00
b2ba00df56
Document redirect and redirected_from GET params to the view action 2022-08-14 21:41:17 +01:00
c767ab6621
Bump version to v0.24-beta2; update changelog 2022-08-03 01:13:22 +01:00
5e42121300
Bump versions 2022-07-05 01:13:17 +01:00
41838003e3
Update changelog 2022-07-04 23:55:48 +01:00
234f9fa371
Add x-tags to raw action 2022-06-29 00:06:36 +01:00
cfd45c75ae
Update changelog 2022-05-26 03:00:51 +01:00
e54bacdcac
page-edit: fix user page permissions check to also occur in the save action 2022-05-26 01:12:51 +01:00
49a675c042
Return a 409 Conflict instead of a 200 OK on an edit conflict when saving a page in the save action 2022-05-25 23:50:55 +01:00
3f76c64b82
Make PeppermintParsedown::extract_page_names more multibyte safe to avoid empty statistics 2022-04-24 14:38:21 +01:00
bf2d797d92
oneboxing: change to use [[[triple square brackets]]]
This is because for some reason when extending Parsedown to add a new 
block type for [[internal links]] to detect oneboxing means that it's 
impossible to  tell if we're inside e.g. a bulleted list or not :-/
2022-03-17 03:20:21 +00:00
434abdf29f
Add initial simple oneboxing support 2022-03-12 02:52:53 +00:00
bb9a56f59a
StorageBox: Fix crash when index.php is a symlink 2022-02-27 15:56:34 +00:00
ae4d03da17
Bugfix: Banish erroneous additional entries in complex tables of contents 2022-02-18 23:59:42 +00:00
334b928c1e
Add initial support for embedding videos from YouTube, Vimeo, etc 2022-02-07 02:46:47 +00:00
439187139d
Bugfix: fix crash when attempting to leave a top-level comment 2022-02-06 00:24:55 +00:00
021ebaea22
Fix crash when loading the stats page 2022-01-05 02:47:28 +00:00
4853c1f604
fix login when hosting Pepperminty Wiki in a subdirectory 2021-09-30 21:26:30 +01:00
7cf545a3ca
Fix more intelligent returnto redirect 2021-09-30 21:06:07 +01:00
fa407ce99d
login: regenerate sessiono token on login; make returnto sanitisation more intelligent 2021-09-27 21:32:39 +01:00
4f3a1c3757
Display returnto URL above the login form if present to further mitigate CSRF issues 2021-09-27 20:51:12 +01:00
2e1e1d0535
100-run: fix XSS when action is not found 2021-09-25 11:42:07 +01:00
978da55e00
Update changelog 2021-09-21 14:10:02 +01:00
f59e68127c
Ensured that the returnto GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) 2021-09-21 13:40:12 +01:00
4be6a181cb
Bugfix: XSS in format GET param of stats action 2021-09-21 13:29:27 +01:00
05555e7d55
Changelog: fix heading indents 2021-09-15 14:42:50 +01:00
6b9dfbcf68
Update changelog again 2021-09-03 02:26:47 +01:00
51475b41b1
Update Changelog 2021-09-03 02:25:58 +01:00
07eed388bd
Bump version 2021-09-03 02:05:24 +01:00
ec0b556892
recent changes: fix broken charactetr when displaying page moves 2021-09-03 02:01:24 +01:00
7aaded1f40
page-help: Add formats to data size bar on ?action=help&dev=yes 2021-09-03 01:29:49 +01:00
1f51bf31c6
Add new file formats to the list of allowed formats for uploaded files:
image/avif
image/jxl

Also, lesser known image formats:

image/hief image/heic
2021-09-03 00:52:01 +01:00
4a00a404e1
Update changelog 2021-09-03 00:28:20 +01:00
80f77a93b5
feature-comments: fix potential XSS 2021-09-02 22:50:00 +01:00
51be347000
action-protect: fix 2021-09-02 22:29:39 +01:00
d5ef65ce01
Update changelog 2021-09-02 21:35:12 +01:00
e0f65c2e65
action-hash: fix potential XSS in string GET param 2021-09-02 21:27:26 +01:00
b6fc5941b7
feature-watchlist: fix format GET parameter 2021-09-02 21:23:31 +01:00
4fdbd9a427
Update changelog 2021-09-02 21:22:03 +01:00
96546184dc
Implement simple slugify function
I suspect I may have to fix a number of issues here.....
2021-09-02 21:19:31 +01:00
473e8e1fc9
Update changelog 2021-09-02 21:08:53 +01:00
0a77065c3f
Bugfix: Fix stored XSS attack - ref CVE-2021-38600
See https://github.com/hmaverickadams/CVE-2021-38600

For some reason the author did not think ti wise to let me know 
privately first - instead publicly announcing it via a GitHub repo..... 
sigh.

In addition, is this *really* a vulnerability? Since Pepperminty Wiki 
requires the site secret to set it up, I can't see that this has a real 
impact.

Still, I'll fix it anyway.....
2021-09-02 20:54:06 +01:00
fab1b52882
Bugfix: fix error handling logic 2021-08-15 21:46:19 +01:00
ba70f74a96
Added automatic system requirements indicator to first run 2021-08-06 01:50:08 +01:00
e7b3f5e0d0
feature-upload: add function / class existence checks where functions from php extensions are required 2021-08-06 01:49:59 +01:00