1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 16:33:00 +00:00
Commit graph

1870 commits

Author SHA1 Message Date
e54bacdcac
page-edit: fix user page permissions check to also occur in the save action 2022-05-26 01:12:51 +01:00
71544b5d9d
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki 2022-05-25 23:51:02 +01:00
49a675c042
Return a 409 Conflict instead of a 200 OK on an edit conflict when saving a page in the save action 2022-05-25 23:50:55 +01:00
f4ff1f41e1
Remove debug logging 2022-05-18 15:36:13 +01:00
5b0619b0a2
docs: tweak language about peppermint.json 2022-05-01 02:31:35 +01:00
727ccb10dd
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki 2022-04-24 14:38:29 +01:00
3f76c64b82
Make PeppermintParsedown::extract_page_names more multibyte safe to avoid empty statistics 2022-04-24 14:38:21 +01:00
454ea83758
Merge pull request #230 from sbrl/dependabot/npm_and_yarn/minimist-1.2.6
build(deps): bump minimist from 1.2.5 to 1.2.6
2022-04-04 16:32:07 +01:00
dependabot[bot]
ba56967489
build(deps): bump minimist from 1.2.5 to 1.2.6
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-02 04:01:52 +00:00
bf2d797d92
oneboxing: change to use [[[triple square brackets]]]
This is because for some reason when extending Parsedown to add a new 
block type for [[internal links]] to detect oneboxing means that it's 
impossible to  tell if we're inside e.g. a bulleted list or not :-/
2022-03-17 03:20:21 +00:00
dd60208d4f
theme blue: style onebox 2022-03-12 13:27:47 +00:00
c64980eee9
theme photo: style onebox 2022-03-12 13:27:06 +00:00
7f95593524
theme default: tweak appearance of onebox 2022-03-12 13:23:12 +00:00
434abdf29f
Add initial simple oneboxing support 2022-03-12 02:52:53 +00:00
f4f08d8066
docs: Update apiDoc
As it turns out, we used @apiVersion for things that weren't HTTP API 
routes. In such cases, the recommended directive is @since, not 
@apiVersion
2022-02-27 16:19:35 +00:00
dd0ecaa6f0
Update development dependencies 2022-02-27 16:07:10 +00:00
3cb1ec7519
Update dependencies 2022-02-27 15:57:22 +00:00
bb9a56f59a
StorageBox: Fix crash when index.php is a symlink 2022-02-27 15:56:34 +00:00
d99ca1685c
lib-storage-box: make more robust
I have no idea what's going on here
2022-02-27 15:35:01 +00:00
0ecc874fc1
credits: add author of latest PR 2022-02-19 15:22:05 +00:00
5db18f7ad8
Merge pull request #229 from npnance/patch-1
adding IIS config to Getting Started instructions
2022-02-19 14:06:58 +00:00
ae4d03da17
Bugfix: Banish erroneous additional entries in complex tables of contents 2022-02-18 23:59:42 +00:00
Natali
4426f333d0
Update 04-Getting-Started.md 2022-02-18 08:57:28 -07:00
Natali
fd9db1e5d3
adding IIS config to Getting Started instructions 2022-02-18 08:56:33 -07:00
9112884949
README: Update todo list 2022-02-07 03:01:14 +00:00
334b928c1e
Add initial support for embedding videos from YouTube, Vimeo, etc 2022-02-07 02:46:47 +00:00
4065f1c0ea
themes photo: support <object>, add <iframe> as in previous commit 2022-02-07 02:26:00 +00:00
1a9514594d
themes: treat iframe as img, audio, and video HTML elements 2022-02-07 02:25:34 +00:00
439187139d
Bugfix: fix crash when attempting to leave a top-level comment 2022-02-06 00:24:55 +00:00
75e2abce0f
parser-parsedown: fix typo in help 2022-01-30 02:36:48 +00:00
021ebaea22
Fix crash when loading the stats page 2022-01-05 02:47:28 +00:00
4853c1f604
fix login when hosting Pepperminty Wiki in a subdirectory 2021-09-30 21:26:30 +01:00
7cf545a3ca
Fix more intelligent returnto redirect 2021-09-30 21:06:07 +01:00
fa407ce99d
login: regenerate sessiono token on login; make returnto sanitisation more intelligent 2021-09-27 21:32:39 +01:00
4f3a1c3757
Display returnto URL above the login form if present to further mitigate CSRF issues 2021-09-27 20:51:12 +01:00
2e1e1d0535
100-run: fix XSS when action is not found 2021-09-25 11:42:07 +01:00
978da55e00
Update changelog 2021-09-21 14:10:02 +01:00
7b6cbbe821
feature-upload: ensure that Javascript in SVG images does not execute
My first time using Content-Security-Policy. Yay!

It's real powerful, but I have yet to find a good generator to help me 
create more complex policies. In this case, the policy allows everything 
by default, but disables all Javascript.

This new Content-Security-Policy header is served for all image 
previews.
2021-09-21 14:04:42 +01:00
f59e68127c
Ensured that the returnto GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) 2021-09-21 13:40:12 +01:00
4be6a181cb
Bugfix: XSS in format GET param of stats action 2021-09-21 13:29:27 +01:00
bca154859c
Apparently security researchers have a big problem with reading. 2021-09-20 01:05:26 +01:00
05555e7d55
Changelog: fix heading indents 2021-09-15 14:42:50 +01:00
874f703c39
Bugfix build.sh: fix shellcheck error 2021-09-11 01:14:28 +01:00
a3c0f04668
README: Add explicit security section 2021-09-05 15:58:09 +01:00
ae1842d064
docs: Add web server config snippet for Apache (thanks, @viradpt!) and Nginx 2021-09-03 21:12:36 +01:00
fd8703470d
docs/making a release: Add tweet template text 2021-09-03 02:37:56 +01:00
d84411b746
Bump version to v0.24-dev 2021-09-03 02:34:50 +01:00
6b9dfbcf68
Update changelog again 2021-09-03 02:26:47 +01:00
51475b41b1
Update Changelog 2021-09-03 02:25:58 +01:00
8e4afbc31c
build.sh: fix xargs warning 2021-09-03 02:07:47 +01:00