sbrl-github/Pepperminty-Wiki
sbrl-github
/
Pepperminty-Wiki
mirror of https://github.com/sbrl/Pepperminty-Wiki.git
1
0
Fork 0
Code
1,844 Commits 5 Branches 62 Tags 9.2 MiB
Commit Graph

1844 Commits

Author SHA1 Message Date
Starbeamrainbowlabs d977d594e6
feture-recent-changes: fix typo 2021-09-02 23:02:01 +01:00
Starbeamrainbowlabs 0ff5ab20ec
feature-interwiki-links: fix potential XSS attack 2021-09-02 23:00:50 +01:00
Starbeamrainbowlabs b5b38166ac
feature-history: fix potential XSS attack 2021-09-02 22:58:19 +01:00
Starbeamrainbowlabs 3f61c9eac0
feature-guiconfig: fix potential obscure XSS 2021-09-02 22:53:59 +01:00
Starbeamrainbowlabs 80f77a93b5
feature-comments: fix potential XSS 2021-09-02 22:50:00 +01:00
Starbeamrainbowlabs a1259ec8d9
action-random: use new slugify() function 2021-09-02 22:39:10 +01:00
Starbeamrainbowlabs bacfc11723
fixup 2021-09-02 22:29:48 +01:00
Starbeamrainbowlabs 51be347000
action-protect: fix 2021-09-02 22:29:39 +01:00
Starbeamrainbowlabs d5ef65ce01
Update changelog 2021-09-02 21:35:12 +01:00
Starbeamrainbowlabs f400da6dce
Page renderer: Automatically run htmlentities() on all titles 2021-09-02 21:34:40 +01:00
Starbeamrainbowlabs e0f65c2e65
action-hash: fix potential XSS in string GET param 2021-09-02 21:27:26 +01:00
Starbeamrainbowlabs b6fc5941b7
feature-watchlist: fix format GET parameter 2021-09-02 21:23:31 +01:00
Starbeamrainbowlabs 4fdbd9a427
Update changelog 2021-09-02 21:22:03 +01:00
Starbeamrainbowlabs dfe76d1d9b
feature-watchlist: Fix Potential XSS in do GET parameter 2021-09-02 21:21:17 +01:00
Starbeamrainbowlabs 96546184dc
Implement simple slugify function 
I suspect I may have to fix a number of issues here.....
 2021-09-02 21:19:31 +01:00
Starbeamrainbowlabs 473e8e1fc9
Update changelog 2021-09-02 21:08:53 +01:00
Starbeamrainbowlabs 7f48302f1a
Bugfix: Fix XSS via action GET parameter. 
Ref CVE-2021-38601

Serously, don't make public GitHub repos before contacting me!

https://github.com/hmaverickadams/CVE-2021-38601
 2021-09-02 21:08:01 +01:00
Starbeamrainbowlabs 5dbca32844
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki 2021-09-02 20:58:36 +01:00
Starbeamrainbowlabs 0a77065c3f
Bugfix: Fix stored XSS attack - ref CVE-2021-38600 
See https://github.com/hmaverickadams/CVE-2021-38600

For some reason the author did not think ti wise to let me know 
privately first - instead publicly announcing it via a GitHub repo..... 
sigh.

In addition, is this *really* a vulnerability? Since Pepperminty Wiki 
requires the site secret to set it up, I can't see that this has a real 
impact.

Still, I'll fix it anyway.....
 2021-09-02 20:54:06 +01:00
Starbeamrainbowlabs b7e00d6676
Merge pull request #223 from sbrl/dependabot/npm_and_yarn/color-string-1.6.0 
build(deps): bump color-string from 1.5.3 to 1.6.0
 2021-09-02 20:37:28 +01:00
dependabot[bot] b98bb04291
build(deps): bump color-string from 1.5.3 to 1.6.0 
Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0.
- [Release notes](https://github.com/Qix-/color-string/releases)
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Qix-/color-string/commits/1.6.0)

---
updated-dependencies:
- dependency-name: color-string
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-15 20:46:39 +00:00
Starbeamrainbowlabs fab1b52882
Bugfix: fix error handling logic 2021-08-15 21:46:19 +01:00
Starbeamrainbowlabs ba70f74a96
Added automatic system requirements indicator to first run 2021-08-06 01:50:08 +01:00
Starbeamrainbowlabs e7b3f5e0d0
feature-upload: add function / class existence checks where functions from php extensions are required 2021-08-06 01:49:59 +01:00
Starbeamrainbowlabs fb9eec2d33
Fix & improve sidebar 2021-07-21 00:44:31 +01:00
Starbeamrainbowlabs 83012a1416
Prefix default value of logo_url with https: 
...apparently some browsers don't see //example.com as a valid URL
 2021-07-21 00:19:26 +01:00
Starbeamrainbowlabs 86206195b6
Fix crash when using the search bar in recent versions of php 2021-07-20 23:54:56 +01:00
Starbeamrainbowlabs 440b4e9cda
Add sidebar_show to the settings GUI & the configuration guide 2021-07-20 23:22:44 +01:00
Starbeamrainbowlabs 2e54a8a4d5
Improve resilience and error output if the PHP Zip extension is not installed on first run 2021-07-20 23:15:48 +01:00
Starbeamrainbowlabs 256d6a59e6
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki 2021-06-10 20:12:02 +01:00
Starbeamrainbowlabs 0c9934038c
feature-cli: fix typo 2021-06-10 20:11:53 +01:00
Starbeamrainbowlabs 45a03874b4
Merge pull request #220 from sbrl/dependabot/npm_and_yarn/lodash-4.17.21 
build(deps): bump lodash from 4.17.19 to 4.17.21
 2021-05-09 20:02:56 +01:00
dependabot[bot] f84f318b1c
build(deps): bump lodash from 4.17.19 to 4.17.21 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-07 23:17:40 +00:00
Starbeamrainbowlabs 351b24eb48
README: Linkify liberapay profile 2021-04-25 17:31:08 +01:00
Starbeamrainbowlabs 03c7d941e6
fix changelog 2021-04-11 21:49:44 +01:00
Starbeamrainbowlabs 26f5838ce0
Add experimental [display text](./Page Name.md) style internal links 
This  is transparently handled by a wrapper around inlineLink, which 
conditionally bails by returning the parent if parsing fails. It then 
~~ab~~uses inlineInternalLink to provide proper internal link support.

Fixes #190.
 2021-04-11 21:47:41 +01:00
Starbeamrainbowlabs ffe1d37d4b
docs: clarify system requirements 2021-02-10 22:19:36 +00:00
Starbeamrainbowlabs 77880d9410
search: properly apply weightings in titlels and tags 2021-02-10 22:17:38 +00:00
Starbeamrainbowlabs b2a783e903
core: Support setting page through either GET or POST 
Fixes #217.
 2020-11-20 21:25:47 +00:00
Starbeamrainbowlabs e76eaf5963
feature-stats: bump version 2020-11-20 21:20:05 +00:00
Starbeamrainbowlabs 05314c464e
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki 2020-11-20 21:13:42 +00:00
Starbeamrainbowlabs d29b87eb6d
Make the statistic update system more resilient 2020-11-20 21:13:31 +00:00
Starbeamrainbowlabs 41d52764fb
Merge pull request #215 from finkiki/master: fix typo 2020-11-10 19:40:47 +00:00
Popol d5e4332652
typo 2020-11-07 13:15:48 +01:00
Starbeamrainbowlabs 880c9e3796
Send `x-robots-tag: noindex,nofollow` with the login page 
SemrushBot, you better obey this one
 2020-10-26 18:59:53 +00:00
Starbeamrainbowlabs e0d5d72f08
Update changelog 2020-10-26 18:28:52 +00:00
Starbeamrainbowlabs 2677bb8143
page-sitemap: add module 2020-10-26 18:26:59 +00:00
Starbeamrainbowlabs 7b3f06d539
page-credits: add page-sitemap support 2020-10-26 18:26:52 +00:00
Starbeamrainbowlabs d7128eed0e
api-status: add sitemap_url property if the page-sitemap module is present 2020-10-26 18:26:33 +00:00
Starbeamrainbowlabs 59b40026fc
document manual sitemap setup in features faq 2020-10-26 18:25:30 +00:00