1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00
Commit graph

26 commits

Author SHA1 Message Date
de4536e173
page-view: XSS again again again 2021-09-03 01:50:09 +01:00
39af83caf9
page-renderer: use htmlentities on admindetails_name
This is NOT to fix a security issue - rather to allow the admin's name 
to contain special characters. Note that the admin's name can only be 
changed either in peppermint.json or via the admin settings panel (which 
only admins can access). If you're worries about admins serving 
arbitrary HTML, then Pepperminty Wiki is not for you because they could 
serve a random static HTML file that they've uploaded to their web 
server for instance.
2021-09-03 00:09:44 +01:00
f400da6dce
Page renderer: Automatically run htmlentities() on all titles 2021-09-02 21:34:40 +01:00
cfd087d919
Add MPL 2.0 short header to core code files 2020-09-23 23:22:39 +01:00
0085ddf0c4
Don't emit custom css unless there's something to emit 2020-08-31 21:04:59 +01:00
23998f60bf
Bugfix: correctly escape ampersands with htmlentities in URLs 2020-08-31 21:00:15 +01:00
3c5a407356
Really fix #205 2020-08-11 23:01:44 +01:00
93bff09422
Update hide_email implementation
It now requires Javascript to decode the email address. If this is a 
problem for whatever reason, please get in touch by opening an issue. I 
take accessibility very seriously.
2020-08-09 23:53:29 +01:00
45c2fa56cd
Add more type hints, and fail to get Server-Timing working.
Note to self: If we do end up implementing it, remember that 
$env->perfdata does containsensitive information sometimes, so we might 
need to revise our approach a bit (e.g. only sending it to authenticated 
admins)
2020-07-28 02:10:28 +01:00
093b405182
Add meta theme-color support 2020-05-24 01:59:05 +01:00
7548c1e7ee
Bugfix: Fix alt + enter search box submit failing with allow popups message 2019-12-23 20:52:48 +00:00
23f526baaa
Bugfix: Avoid inadvertent link loop for bots on login page 2019-12-19 15:36:41 +00:00
d3e83a0aea
page_renderer: Don't generate the page list for the datalist if it's not displayed 2019-12-08 20:27:20 +00:00
f543321304
Bugfix: Correct CSS rendering 2019-09-29 16:10:58 +01:00
e91852ca68
Finish implementing $settings->css_custom 2019-09-29 16:09:27 +01:00
6120fa8842
Refactor css minification code out into own function 2019-09-29 15:54:40 +01:00
dcd3c00d83
Squash warnings about non-static methods in the page renderer 2019-09-11 22:11:13 +01:00
157c6dabdd
If it's a list of strings, then it should be sorted correctly. 2019-09-03 18:16:01 +01:00
bcc8f0be27
More accessibility improvements, and noodle away at the darak theme.
Looks like we're going to have to come up with our own button style, 
which is going to be a bit of a pain tbh :-/
2019-08-30 23:13:16 +01:00
5e5f47fdda
Add aria-label 2019-08-30 21:31:14 +01:00
ff51b6613c
Mark user avatar on top nav bar as hidden against screen readers 2019-08-30 18:23:17 +01:00
4e3426644c
Style the new mega-menu option.
It still needs more testing though - e.g. to ensure we haven't broken 
the existing setup :P
2019-08-30 00:41:25 +01:00
2a567ba8c8
Fix html structure for mega-menu. Next up: CSS! :D 2019-08-29 20:57:14 +01:00
3374bdedc3
Add support for mega menus, but it's untested 2019-08-29 17:19:57 +01:00
45befb5ff1
Work on automatic theme index & preview generation 2019-08-25 21:38:28 +01:00
f63553fb92
Split core.php up into 16(!) different files.
This has been a looong time in coming. 1.9K links is _far_ too much for 
any file.
2019-03-02 16:45:34 +00:00