Pepperminty-Wiki

mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-06-01 09:53:02 +00:00

Author	SHA1	Message	Date
Natali	4426f333d0	Update 04-Getting-Started.md	2022-02-18 08:57:28 -07:00
Natali	fd9db1e5d3	adding IIS config to Getting Started instructions	2022-02-18 08:56:33 -07:00
Starbeamrainbowlabs	9112884949	README: Update todo list	2022-02-07 03:01:14 +00:00
Starbeamrainbowlabs	334b928c1e	Add initial support for embedding videos from YouTube, Vimeo, etc	2022-02-07 02:46:47 +00:00
Starbeamrainbowlabs	4065f1c0ea	themes photo: support <object>, add <iframe> as in previous commit	2022-02-07 02:26:00 +00:00
Starbeamrainbowlabs	1a9514594d	themes: treat iframe as img, audio, and video HTML elements	2022-02-07 02:25:34 +00:00
Starbeamrainbowlabs	439187139d	Bugfix: fix crash when attempting to leave a top-level comment	2022-02-06 00:24:55 +00:00
Starbeamrainbowlabs	75e2abce0f	parser-parsedown: fix typo in help	2022-01-30 02:36:48 +00:00
Starbeamrainbowlabs	021ebaea22	Fix crash when loading the stats page	2022-01-05 02:47:28 +00:00
Starbeamrainbowlabs	4853c1f604	fix login when hosting Pepperminty Wiki in a subdirectory	2021-09-30 21:26:30 +01:00
Starbeamrainbowlabs	7cf545a3ca	Fix more intelligent returnto redirect	2021-09-30 21:06:07 +01:00
Starbeamrainbowlabs	fa407ce99d	login: regenerate sessiono token on login; make returnto sanitisation more intelligent	2021-09-27 21:32:39 +01:00
Starbeamrainbowlabs	4f3a1c3757	Display returnto URL above the login form if present to further mitigate CSRF issues	2021-09-27 20:51:12 +01:00
Starbeamrainbowlabs	2e1e1d0535	100-run: fix XSS when action is not found	2021-09-25 11:42:07 +01:00
Starbeamrainbowlabs	978da55e00	Update changelog	2021-09-21 14:10:02 +01:00
Starbeamrainbowlabs	7b6cbbe821	feature-upload: ensure that Javascript in SVG images does not execute My first time using Content-Security-Policy. Yay! It's real powerful, but I have yet to find a good generator to help me create more complex policies. In this case, the policy allows everything by default, but disables all Javascript. This new Content-Security-Policy header is served for all image previews.	2021-09-21 14:04:42 +01:00
Starbeamrainbowlabs	f59e68127c	Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)	2021-09-21 13:40:12 +01:00
Starbeamrainbowlabs	4be6a181cb	Bugfix: XSS in format GET param of stats action	2021-09-21 13:29:27 +01:00
Starbeamrainbowlabs	bca154859c	Apparently security researchers have a big problem with reading.	2021-09-20 01:05:26 +01:00
Starbeamrainbowlabs	05555e7d55	Changelog: fix heading indents	2021-09-15 14:42:50 +01:00
Starbeamrainbowlabs	874f703c39	Bugfix build.sh: fix shellcheck error	2021-09-11 01:14:28 +01:00
Starbeamrainbowlabs	a3c0f04668	README: Add explicit security section	2021-09-05 15:58:09 +01:00
Starbeamrainbowlabs	ae1842d064	docs: Add web server config snippet for Apache (thanks, @viradpt!) and Nginx	2021-09-03 21:12:36 +01:00
Starbeamrainbowlabs	fd8703470d	docs/making a release: Add tweet template text	2021-09-03 02:37:56 +01:00
Starbeamrainbowlabs	d84411b746	Bump version to v0.24-dev	2021-09-03 02:34:50 +01:00
Starbeamrainbowlabs	6b9dfbcf68	Update changelog again	2021-09-03 02:26:47 +01:00
Starbeamrainbowlabs	51475b41b1	Update Changelog	2021-09-03 02:25:58 +01:00
Starbeamrainbowlabs	8e4afbc31c	build.sh: fix xargs warning	2021-09-03 02:07:47 +01:00
Starbeamrainbowlabs	07eed388bd	Bump version	2021-09-03 02:05:24 +01:00
Starbeamrainbowlabs	14eb9e0d41	fixup	2021-09-03 02:04:49 +01:00
Starbeamrainbowlabs	edd1702ea3	page-sitemap: tweak description	2021-09-03 02:04:41 +01:00
Starbeamrainbowlabs	ec0b556892	recent changes: fix broken charactetr when displaying page moves	2021-09-03 02:01:24 +01:00
Starbeamrainbowlabs	525dbaa3e1	page history: fix username rendering	2021-09-03 02:01:07 +01:00
Starbeamrainbowlabs	0a950425e1	Bugfix: fix new slugify function	2021-09-03 01:55:05 +01:00
Starbeamrainbowlabs	de4536e173	page-view: XSS again again again	2021-09-03 01:50:09 +01:00
Starbeamrainbowlabs	fef9102393	page-move: htmlentities & returnto support in login URLs	2021-09-03 01:41:51 +01:00
Starbeamrainbowlabs	c0c2bd7f6a	page-login: minor htmlentities for breakfast, lunch, and tea	2021-09-03 01:37:11 +01:00
Starbeamrainbowlabs	e2517c0b20	page-list: Yep, you guessed it! XSS again.....	2021-09-03 01:34:38 +01:00
Starbeamrainbowlabs	7aaded1f40	page-help: Add formats to data size bar on ?action=help&dev=yes	2021-09-03 01:29:49 +01:00
Starbeamrainbowlabs	9bd69b1b01	page-export: XSS	2021-09-03 01:26:14 +01:00
Starbeamrainbowlabs	42ad55c849	page-edit: XSS	2021-09-03 01:23:42 +01:00
Starbeamrainbowlabs	3f286b4cda	page-delete: fix XSS	2021-09-03 01:16:29 +01:00
Starbeamrainbowlabs	54166c9b79	page-credits: htmlentities everywhere	2021-09-03 01:12:49 +01:00
Starbeamrainbowlabs	4dda12d195	feaature-watchlist: minor XSS improvements	2021-09-03 01:10:54 +01:00
Starbeamrainbowlabs	2844a47f9f	feature-user-table: fix potential obscure XSS attack	2021-09-03 01:08:27 +01:00
Starbeamrainbowlabs	2d6bf1df70	feature-user-preferences: fiix potential xss vulnerabilities	2021-09-03 01:01:38 +01:00
Starbeamrainbowlabs	1f51bf31c6	Add new file formats to the list of allowed formats for uploaded files: image/avif image/jxl Also, lesser known image formats: image/hief image/heic	2021-09-03 00:52:01 +01:00
Starbeamrainbowlabs	227a7ac662	feature-upload: fix potential XSS attacks	2021-09-03 00:42:36 +01:00
Starbeamrainbowlabs	4a00a404e1	Update changelog	2021-09-03 00:28:20 +01:00
Starbeamrainbowlabs	6dd3e52a9c	feature-theme-gallery: fill in help text	2021-09-03 00:26:55 +01:00

1 2 3 4 5 ...

1798 commits