1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-12-27 15:24:56 +00:00
Commit graph

923 commits

Author SHA1 Message Date
0e675f4c6f
parsedown: fix templating under circumstances 2023-01-26 20:51:07 +00:00
c6fb3cdd6e
credits: fix typo
fixes #233
2022-09-17 17:36:20 +01:00
b0e1418175
typo 2022-08-14 22:31:08 +01:00
ccd0fa8f13
typo 2022-08-14 22:30:49 +01:00
b2ba00df56
Document redirect and redirected_from GET params to the view action 2022-08-14 21:41:17 +01:00
2ddad1ae59
page-list: add filter GET param to filter page list by a substring. 2022-08-03 01:13:04 +01:00
5ed37cad13
parser-parsedown: coment debug logging
...oops :P
2022-08-03 01:07:00 +01:00
96eb694a1d
Bugfix action-raw: add missing implode 2022-06-30 01:43:54 +01:00
9bc1380a7b
bugfix: fix reference to tags in action-raw 2022-06-30 01:42:52 +01:00
ec340d18a9
action-raw: updaate rest api docs 2022-06-30 01:39:56 +01:00
234f9fa371
Add x-tags to raw action 2022-06-29 00:06:36 +01:00
46f85c7b0c
page-edit: add missing refresh header 2022-05-26 02:49:18 +01:00
e54bacdcac
page-edit: fix user page permissions check to also occur in the save action 2022-05-26 01:12:51 +01:00
71544b5d9d
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki 2022-05-25 23:51:02 +01:00
49a675c042
Return a 409 Conflict instead of a 200 OK on an edit conflict when saving a page in the save action 2022-05-25 23:50:55 +01:00
f4ff1f41e1
Remove debug logging 2022-05-18 15:36:13 +01:00
3f76c64b82
Make PeppermintParsedown::extract_page_names more multibyte safe to avoid empty statistics 2022-04-24 14:38:21 +01:00
bf2d797d92
oneboxing: change to use [[[triple square brackets]]]
This is because for some reason when extending Parsedown to add a new 
block type for [[internal links]] to detect oneboxing means that it's 
impossible to  tell if we're inside e.g. a bulleted list or not :-/
2022-03-17 03:20:21 +00:00
434abdf29f
Add initial simple oneboxing support 2022-03-12 02:52:53 +00:00
f4f08d8066
docs: Update apiDoc
As it turns out, we used @apiVersion for things that weren't HTTP API 
routes. In such cases, the recommended directive is @since, not 
@apiVersion
2022-02-27 16:19:35 +00:00
bb9a56f59a
StorageBox: Fix crash when index.php is a symlink 2022-02-27 15:56:34 +00:00
d99ca1685c
lib-storage-box: make more robust
I have no idea what's going on here
2022-02-27 15:35:01 +00:00
0ecc874fc1
credits: add author of latest PR 2022-02-19 15:22:05 +00:00
ae4d03da17
Bugfix: Banish erroneous additional entries in complex tables of contents 2022-02-18 23:59:42 +00:00
334b928c1e
Add initial support for embedding videos from YouTube, Vimeo, etc 2022-02-07 02:46:47 +00:00
439187139d
Bugfix: fix crash when attempting to leave a top-level comment 2022-02-06 00:24:55 +00:00
75e2abce0f
parser-parsedown: fix typo in help 2022-01-30 02:36:48 +00:00
021ebaea22
Fix crash when loading the stats page 2022-01-05 02:47:28 +00:00
4853c1f604
fix login when hosting Pepperminty Wiki in a subdirectory 2021-09-30 21:26:30 +01:00
7cf545a3ca
Fix more intelligent returnto redirect 2021-09-30 21:06:07 +01:00
fa407ce99d
login: regenerate sessiono token on login; make returnto sanitisation more intelligent 2021-09-27 21:32:39 +01:00
4f3a1c3757
Display returnto URL above the login form if present to further mitigate CSRF issues 2021-09-27 20:51:12 +01:00
7b6cbbe821
feature-upload: ensure that Javascript in SVG images does not execute
My first time using Content-Security-Policy. Yay!

It's real powerful, but I have yet to find a good generator to help me 
create more complex policies. In this case, the policy allows everything 
by default, but disables all Javascript.

This new Content-Security-Policy header is served for all image 
previews.
2021-09-21 14:04:42 +01:00
f59e68127c
Ensured that the returnto GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) 2021-09-21 13:40:12 +01:00
4be6a181cb
Bugfix: XSS in format GET param of stats action 2021-09-21 13:29:27 +01:00
14eb9e0d41
fixup 2021-09-03 02:04:49 +01:00
edd1702ea3
page-sitemap: tweak description 2021-09-03 02:04:41 +01:00
ec0b556892
recent changes: fix broken charactetr when displaying page moves 2021-09-03 02:01:24 +01:00
de4536e173
page-view: XSS again again again 2021-09-03 01:50:09 +01:00
fef9102393
page-move: htmlentities & returnto support in login URLs 2021-09-03 01:41:51 +01:00
c0c2bd7f6a
page-login: minor htmlentities for breakfast, lunch, and tea 2021-09-03 01:37:11 +01:00
e2517c0b20
page-list: Yep, you guessed it! XSS again..... 2021-09-03 01:34:38 +01:00
7aaded1f40
page-help: Add formats to data size bar on ?action=help&dev=yes 2021-09-03 01:29:49 +01:00
9bd69b1b01
page-export: XSS 2021-09-03 01:26:14 +01:00
42ad55c849
page-edit: XSS 2021-09-03 01:23:42 +01:00
3f286b4cda
page-delete: fix XSS 2021-09-03 01:16:29 +01:00
54166c9b79
page-credits: htmlentities *everywhere* 2021-09-03 01:12:49 +01:00
4dda12d195
feaature-watchlist: minor XSS improvements 2021-09-03 01:10:54 +01:00
2844a47f9f
feature-user-table: fix potential obscure XSS attack 2021-09-03 01:08:27 +01:00
2d6bf1df70
feature-user-preferences: fiix potential xss vulnerabilities 2021-09-03 01:01:38 +01:00