7f48302f1a
Bugfix: Fix XSS via action GET parameter.
...
Ref CVE-2021-38601
Seriously, don't make public GitHub repos before contacting me!
https://github.com/hmaverickadams/CVE-2021-38601
2021-09-02 21:08:01 +01:00
5dbca32844
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki
2021-09-02 20:58:36 +01:00
0a77065c3f
Bugfix: Fix stored XSS attack - ref CVE-2021-38600
...
See https://github.com/hmaverickadams/CVE-2021-38600
For some reason the author did not think it wise to let me know
privately first - instead publicly announcing it via a GitHub repo.....
sigh.
In addition, is this *really* a vulnerability? Since Pepperminty Wiki
requires the site secret to set it up, I can't see that this has a real
impact.
Still, I'll fix it anyway.....
2021-09-02 20:54:06 +01:00
b7e00d6676
Merge pull request #223 from sbrl/dependabot/npm_and_yarn/color-string-1.6.0
...
build(deps): bump color-string from 1.5.3 to 1.6.0
2021-09-02 20:37:28 +01:00
dependabot[bot]
b98bb04291
build(deps): bump color-string from 1.5.3 to 1.6.0
...
Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0.
- [Release notes](https://github.com/Qix-/color-string/releases)
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Qix-/color-string/commits/1.6.0)
---
updated-dependencies:
- dependency-name: color-string
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-15 20:46:39 +00:00
fab1b52882
Bugfix: fix error handling logic
2021-08-15 21:46:19 +01:00
ba70f74a96
Added automatic system requirements indicator to first run
2021-08-06 01:50:08 +01:00
e7b3f5e0d0
feature-upload: add function / class existence checks where functions from php extensions are required
2021-08-06 01:49:59 +01:00
fb9eec2d33
Fix & improve sidebar
2021-07-21 00:44:31 +01:00
83012a1416
Prefix default value of logo_url with https:
...
...apparently some browsers don't see //example.com as a valid URL
2021-07-21 00:19:26 +01:00
86206195b6
Fix crash when using the search bar in recent versions of php
2021-07-20 23:54:56 +01:00
440b4e9cda
Add sidebar_show to the settings GUI & the configuration guide
2021-07-20 23:22:44 +01:00
2e54a8a4d5
Improve resilience and error output if the PHP Zip extension is not installed on first run
2021-07-20 23:15:48 +01:00
256d6a59e6
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki
2021-06-10 20:12:02 +01:00
0c9934038c
feature-cli: fix typo
2021-06-10 20:11:53 +01:00
45a03874b4
Merge pull request #220 from sbrl/dependabot/npm_and_yarn/lodash-4.17.21
...
build(deps): bump lodash from 4.17.19 to 4.17.21
2021-05-09 20:02:56 +01:00
dependabot[bot]
f84f318b1c
build(deps): bump lodash from 4.17.19 to 4.17.21
...
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-07 23:17:40 +00:00
351b24eb48
README: Linkify liberapay profile
2021-04-25 17:31:08 +01:00
03c7d941e6
fix changelog
2021-04-11 21:49:44 +01:00
26f5838ce0
Add experimental [display text](./Page Name.md) style internal links
...
This is transparently handled by a wrapper around inlineLink, which
conditionally bails by returning the parent if parsing fails. It then
~~ab~~uses inlineInternalLink to provide proper internal link support.
Fixes #190.
2021-04-11 21:47:41 +01:00
ffe1d37d4b
docs: clarify system requirements
2021-02-10 22:19:36 +00:00
77880d9410
search: properly apply weightings in titles and tags
2021-02-10 22:17:38 +00:00
b2a783e903
core: Support setting page through either GET or POST
...
Fixes #217.
2020-11-20 21:25:47 +00:00
e76eaf5963
feature-stats: bump version
2020-11-20 21:20:05 +00:00
05314c464e
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki
2020-11-20 21:13:42 +00:00
d29b87eb6d
Make the statistic update system more resilient
2020-11-20 21:13:31 +00:00
41d52764fb
Merge pull request #215 from finkiki/master: fix typo
2020-11-10 19:40:47 +00:00
Popol
d5e4332652
typo
2020-11-07 13:15:48 +01:00
880c9e3796
Send x-robots-tag: noindex,nofollow
with the login page
...
SemrushBot, you better obey this one
2020-10-26 18:59:53 +00:00
e0d5d72f08
Update changelog
2020-10-26 18:28:52 +00:00
2677bb8143
page-sitemap: add module
2020-10-26 18:26:59 +00:00
7b3f06d539
page-credits: add page-sitemap support
2020-10-26 18:26:52 +00:00
d7128eed0e
api-status: add sitemap_url property if the page-sitemap module is present
2020-10-26 18:26:33 +00:00
59b40026fc
document manual sitemap setup in features faq
2020-10-26 18:25:30 +00:00
6abbdc4d1e
recent-changes: deduplicate in atom
...
feed generation
2020-10-26 18:24:53 +00:00
9c44f02f00
docs: Document the create new page button feature
2020-10-25 23:50:53 +00:00
7dd9bd74c4
Add support for creating pages whose name is not yet known - fixes #194
2020-10-25 22:50:03 +00:00
b78aa34972
Bump version to v0.23-dev
2020-10-25 22:43:04 +00:00
0a81c940c5
README: add to todo list
2020-10-01 02:17:53 +01:00
0437213509
docs: Update making a release
...
Following IFTTT's announcement for supporting only 3 apps in the free
tier, we now have to tweet manually. TODO: Set up something to tweet
automatically again. Perhaps a GitHub action or something?
2020-09-24 16:07:37 +01:00
cfd087d919
Add MPL 2.0 short header to core code files
2020-09-23 23:22:39 +01:00
73f909141d
configuration guide: update to include count of how many settings we have so far
...
...we've got 114 settings so far - pretty awesome! Also a challenge to
navigate to find the right one that you want, though..... I'm open to
suggestions (and contributions :P).
2020-09-20 01:26:43 +01:00
3f93237512
Update todo list in README
2020-09-11 21:25:44 +01:00
f02caae2d1
Bump version for next stable release~!
2020-09-11 21:22:57 +01:00
7fe8f1ab02
Bump version ready for next beta release
2020-09-05 00:51:46 +01:00
32c6906a27
Update changelog
2020-08-31 21:05:20 +01:00
0085ddf0c4
Don't emit custom css unless there's something to emit
2020-08-31 21:04:59 +01:00
dfca17d1cf
more of the same - this time in page / tag lists
2020-08-31 21:02:49 +01:00
23998f60bf
Bugfix: correctly escape ampersands with htmlentities in URLs
2020-08-31 21:00:15 +01:00
42971f573d
Bugfix: Fix invalid HTML generated by new hide_email() logic
2020-08-31 20:56:34 +01:00