Starbeamrainbowlabs
4be6a181cb
Bugfix: XSS in format GET param of stats action
2021-09-21 13:29:27 +01:00
Starbeamrainbowlabs
bca154859c
Apparently security researchers have a big problem with reading.
2021-09-20 01:05:26 +01:00
Starbeamrainbowlabs
05555e7d55
Changelog: fix heading indents
2021-09-15 14:42:50 +01:00
Starbeamrainbowlabs
874f703c39
Bugfix build.sh: fix shellcheck error
2021-09-11 01:14:28 +01:00
Starbeamrainbowlabs
a3c0f04668
README: Add explicit security section
2021-09-05 15:58:09 +01:00
Starbeamrainbowlabs
ae1842d064
docs: Add web server config snippet for Apache (thanks, @viradpt!) and Nginx
2021-09-03 21:12:36 +01:00
Starbeamrainbowlabs
fd8703470d
docs/making a release: Add tweet template text
2021-09-03 02:37:56 +01:00
Starbeamrainbowlabs
d84411b746
Bump version to v0.24-dev
2021-09-03 02:34:50 +01:00
Starbeamrainbowlabs
6b9dfbcf68
Update changelog again
2021-09-03 02:26:47 +01:00
Starbeamrainbowlabs
51475b41b1
Update Changelog
2021-09-03 02:25:58 +01:00
Starbeamrainbowlabs
8e4afbc31c
build.sh: fix xargs warning
2021-09-03 02:07:47 +01:00
Starbeamrainbowlabs
07eed388bd
Bump version
2021-09-03 02:05:24 +01:00
Starbeamrainbowlabs
14eb9e0d41
fixup
2021-09-03 02:04:49 +01:00
Starbeamrainbowlabs
edd1702ea3
page-sitemap: tweak description
2021-09-03 02:04:41 +01:00
Starbeamrainbowlabs
ec0b556892
recent changes: fix broken character when displaying page moves
2021-09-03 02:01:24 +01:00
Starbeamrainbowlabs
525dbaa3e1
page history: fix username rendering
2021-09-03 02:01:07 +01:00
Starbeamrainbowlabs
0a950425e1
Bugfix: fix new slugify function
2021-09-03 01:55:05 +01:00
Starbeamrainbowlabs
de4536e173
page-view: XSS again again again
2021-09-03 01:50:09 +01:00
Starbeamrainbowlabs
fef9102393
page-move: htmlentities & returnto support in login URLs
2021-09-03 01:41:51 +01:00
Starbeamrainbowlabs
c0c2bd7f6a
page-login: minor htmlentities for breakfast, lunch, and tea
2021-09-03 01:37:11 +01:00
Starbeamrainbowlabs
e2517c0b20
page-list: Yep, you guessed it! XSS again.....
2021-09-03 01:34:38 +01:00
Starbeamrainbowlabs
7aaded1f40
page-help: Add formats to data size bar on ?action=help&dev=yes
2021-09-03 01:29:49 +01:00
Starbeamrainbowlabs
9bd69b1b01
page-export: XSS
2021-09-03 01:26:14 +01:00
Starbeamrainbowlabs
42ad55c849
page-edit: XSS
2021-09-03 01:23:42 +01:00
Starbeamrainbowlabs
3f286b4cda
page-delete: fix XSS
2021-09-03 01:16:29 +01:00
Starbeamrainbowlabs
54166c9b79
page-credits: htmlentities *everywhere*
2021-09-03 01:12:49 +01:00
Starbeamrainbowlabs
4dda12d195
feature-watchlist: minor XSS improvements
2021-09-03 01:10:54 +01:00
Starbeamrainbowlabs
2844a47f9f
feature-user-table: fix potential obscure XSS attack
2021-09-03 01:08:27 +01:00
Starbeamrainbowlabs
2d6bf1df70
feature-user-preferences: fix potential xss vulnerabilities
2021-09-03 01:01:38 +01:00
Starbeamrainbowlabs
1f51bf31c6
Add new file formats to the list of allowed formats for uploaded files:
image/avif
image/jxl
Also, lesser known image formats:
image/hief image/heic
2021-09-03 00:52:01 +01:00
Starbeamrainbowlabs
227a7ac662
feature-upload: fix potential XSS attacks
2021-09-03 00:42:36 +01:00
Starbeamrainbowlabs
4a00a404e1
Update changelog
2021-09-03 00:28:20 +01:00
Starbeamrainbowlabs
6dd3e52a9c
feature-theme-gallery: fill in help text
2021-09-03 00:26:55 +01:00
Starbeamrainbowlabs
538f899018
feature-stats: minor admindetails_name issue
2021-09-03 00:14:53 +01:00
Starbeamrainbowlabs
39af83caf9
page-renderer: use htmlentities on admindetails_name
This is NOT to fix a security issue - rather to allow the admin's name
to contain special characters. Note that the admin's name can only be
changed either in peppermint.json or via the admin settings panel (which
only admins can access). If you're worried about admins serving
arbitrary HTML, then Pepperminty Wiki is not for you because they could
serve a random static HTML file that they've uploaded to their web
server for instance.
2021-09-03 00:09:44 +01:00
Starbeamrainbowlabs
98485e7bd2
feature-search: fix potential XSS
2021-09-03 00:00:49 +01:00
Starbeamrainbowlabs
738715af43
core | render_pagename, render_username: fix potential authenticated XSS attack
2021-09-02 23:04:26 +01:00
Starbeamrainbowlabs
d977d594e6
feature-recent-changes: fix typo
2021-09-02 23:02:01 +01:00
Starbeamrainbowlabs
0ff5ab20ec
feature-interwiki-links: fix potential XSS attack
2021-09-02 23:00:50 +01:00
Starbeamrainbowlabs
b5b38166ac
feature-history: fix potential XSS attack
2021-09-02 22:58:19 +01:00
Starbeamrainbowlabs
3f61c9eac0
feature-guiconfig: fix potential obscure XSS
2021-09-02 22:53:59 +01:00
Starbeamrainbowlabs
80f77a93b5
feature-comments: fix potential XSS
2021-09-02 22:50:00 +01:00
Starbeamrainbowlabs
a1259ec8d9
action-random: use new slugify() function
2021-09-02 22:39:10 +01:00
Starbeamrainbowlabs
bacfc11723
fixup
2021-09-02 22:29:48 +01:00
Starbeamrainbowlabs
51be347000
action-protect: fix
2021-09-02 22:29:39 +01:00
Starbeamrainbowlabs
d5ef65ce01
Update changelog
2021-09-02 21:35:12 +01:00
Starbeamrainbowlabs
f400da6dce
Page renderer: Automatically run htmlentities() on all titles
2021-09-02 21:34:40 +01:00
Starbeamrainbowlabs
e0f65c2e65
action-hash: fix potential XSS in string GET param
2021-09-02 21:27:26 +01:00
Starbeamrainbowlabs
b6fc5941b7
feature-watchlist: fix format GET parameter
2021-09-02 21:23:31 +01:00
Starbeamrainbowlabs
4fdbd9a427
Update changelog
2021-09-02 21:22:03 +01:00