Pepperminty-Wiki

mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Author	SHA1	Message	Date
Starbeamrainbowlabs	c0c2bd7f6a	page-login: minor htmlentities for breakfast, lunch, and tea	2021-09-03 01:37:11 +01:00
Starbeamrainbowlabs	e2517c0b20	page-list: Yep, you guessed it! XSS again.....	2021-09-03 01:34:38 +01:00
Starbeamrainbowlabs	7aaded1f40	page-help: Add formats to data size bar on ?action=help&dev=yes	2021-09-03 01:29:49 +01:00
Starbeamrainbowlabs	9bd69b1b01	page-export: XSS	2021-09-03 01:26:14 +01:00
Starbeamrainbowlabs	42ad55c849	page-edit: XSS	2021-09-03 01:23:42 +01:00
Starbeamrainbowlabs	3f286b4cda	page-delete: fix XSS	2021-09-03 01:16:29 +01:00
Starbeamrainbowlabs	54166c9b79	page-credits: htmlentities everywhere	2021-09-03 01:12:49 +01:00
Starbeamrainbowlabs	4dda12d195	feaature-watchlist: minor XSS improvements	2021-09-03 01:10:54 +01:00
Starbeamrainbowlabs	2844a47f9f	feature-user-table: fix potential obscure XSS attack	2021-09-03 01:08:27 +01:00
Starbeamrainbowlabs	2d6bf1df70	feature-user-preferences: fiix potential xss vulnerabilities	2021-09-03 01:01:38 +01:00
Starbeamrainbowlabs	1f51bf31c6	Add new file formats to the list of allowed formats for uploaded files: image/avif image/jxl Also, lesser known image formats: image/hief image/heic	2021-09-03 00:52:01 +01:00
Starbeamrainbowlabs	227a7ac662	feature-upload: fix potential XSS attacks	2021-09-03 00:42:36 +01:00
Starbeamrainbowlabs	4a00a404e1	Update changelog	2021-09-03 00:28:20 +01:00
Starbeamrainbowlabs	6dd3e52a9c	feature-theme-gallery: fill in help text	2021-09-03 00:26:55 +01:00
Starbeamrainbowlabs	538f899018	feturee-stats: minor admindetails_name issue	2021-09-03 00:14:53 +01:00
Starbeamrainbowlabs	39af83caf9	page-renderer: use htmlentities on admindetails_name This is NOT to fix a security issue - rather to allow the admin's name to contain special characters. Note that the admin's name can only be changed either in peppermint.json or via the admin settings panel (which only admins can access). If you're worries about admins serving arbitrary HTML, then Pepperminty Wiki is not for you because they could serve a random static HTML file that they've uploaded to their web server for instance.	2021-09-03 00:09:44 +01:00
Starbeamrainbowlabs	98485e7bd2	feature-search: fix potential XSS	2021-09-03 00:00:49 +01:00
Starbeamrainbowlabs	738715af43	core \| render_pagename, render_username: fix potential authenticated XSS attack	2021-09-02 23:04:26 +01:00
Starbeamrainbowlabs	d977d594e6	feture-recent-changes: fix typo	2021-09-02 23:02:01 +01:00
Starbeamrainbowlabs	0ff5ab20ec	feature-interwiki-links: fix potential XSS attack	2021-09-02 23:00:50 +01:00
Starbeamrainbowlabs	b5b38166ac	feature-history: fix potential XSS attack	2021-09-02 22:58:19 +01:00
Starbeamrainbowlabs	3f61c9eac0	feature-guiconfig: fix potential obscure XSS	2021-09-02 22:53:59 +01:00
Starbeamrainbowlabs	80f77a93b5	feature-comments: fix potential XSS	2021-09-02 22:50:00 +01:00
Starbeamrainbowlabs	a1259ec8d9	action-random: use new slugify() function	2021-09-02 22:39:10 +01:00
Starbeamrainbowlabs	bacfc11723	fixup	2021-09-02 22:29:48 +01:00
Starbeamrainbowlabs	51be347000	action-protect: fix	2021-09-02 22:29:39 +01:00
Starbeamrainbowlabs	d5ef65ce01	Update changelog	2021-09-02 21:35:12 +01:00
Starbeamrainbowlabs	f400da6dce	Page renderer: Automatically run htmlentities() on all titles	2021-09-02 21:34:40 +01:00
Starbeamrainbowlabs	e0f65c2e65	action-hash: fix potential XSS in string GET param	2021-09-02 21:27:26 +01:00
Starbeamrainbowlabs	b6fc5941b7	feature-watchlist: fix format GET parameter	2021-09-02 21:23:31 +01:00
Starbeamrainbowlabs	4fdbd9a427	Update changelog	2021-09-02 21:22:03 +01:00
Starbeamrainbowlabs	dfe76d1d9b	feature-watchlist: Fix Potential XSS in do GET parameter	2021-09-02 21:21:17 +01:00
Starbeamrainbowlabs	96546184dc	Implement simple slugify function I suspect I may have to fix a number of issues here.....	2021-09-02 21:19:31 +01:00
Starbeamrainbowlabs	473e8e1fc9	Update changelog	2021-09-02 21:08:53 +01:00
Starbeamrainbowlabs	7f48302f1a	Bugfix: Fix XSS via action GET parameter. Ref CVE-2021-38601 Serously, don't make public GitHub repos before contacting me! https://github.com/hmaverickadams/CVE-2021-38601	2021-09-02 21:08:01 +01:00
Starbeamrainbowlabs	5dbca32844	Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki	2021-09-02 20:58:36 +01:00
Starbeamrainbowlabs	0a77065c3f	Bugfix: Fix stored XSS attack - ref CVE-2021-38600 See https://github.com/hmaverickadams/CVE-2021-38600 For some reason the author did not think ti wise to let me know privately first - instead publicly announcing it via a GitHub repo..... sigh. In addition, is this really a vulnerability? Since Pepperminty Wiki requires the site secret to set it up, I can't see that this has a real impact. Still, I'll fix it anyway.....	2021-09-02 20:54:06 +01:00
Starbeamrainbowlabs	b7e00d6676	Merge pull request #223 from sbrl/dependabot/npm_and_yarn/color-string-1.6.0 build(deps): bump color-string from 1.5.3 to 1.6.0	2021-09-02 20:37:28 +01:00
dependabot[bot]	b98bb04291	build(deps): bump color-string from 1.5.3 to 1.6.0 Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0. - [Release notes](https://github.com/Qix-/color-string/releases) - [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md) - [Commits](https://github.com/Qix-/color-string/commits/1.6.0) --- updated-dependencies: - dependency-name: color-string dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2021-08-15 20:46:39 +00:00
Starbeamrainbowlabs	fab1b52882	Bugfix: fix error handling logic	2021-08-15 21:46:19 +01:00
Starbeamrainbowlabs	ba70f74a96	Added automatic system requirements indicator to first run	2021-08-06 01:50:08 +01:00
Starbeamrainbowlabs	e7b3f5e0d0	feature-upload: add function / class existence checks where functions from php extensions are required	2021-08-06 01:49:59 +01:00
Starbeamrainbowlabs	fb9eec2d33	Fix & improve sidebar	2021-07-21 00:44:31 +01:00
Starbeamrainbowlabs	83012a1416	Prefix default value of logo_url with https: ...apparently some browsers don't see //example.com as a valid URL	2021-07-21 00:19:26 +01:00
Starbeamrainbowlabs	86206195b6	Fix crash when using the search bar in recent versions of php	2021-07-20 23:54:56 +01:00
Starbeamrainbowlabs	440b4e9cda	Add sidebar_show to the settings GUI & the configuration guide	2021-07-20 23:22:44 +01:00
Starbeamrainbowlabs	2e54a8a4d5	Improve resilience and error output if the PHP Zip extension is not installed on first run	2021-07-20 23:15:48 +01:00
Starbeamrainbowlabs	256d6a59e6	Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki	2021-06-10 20:12:02 +01:00
Starbeamrainbowlabs	0c9934038c	feature-cli: fix typo	2021-06-10 20:11:53 +01:00
Starbeamrainbowlabs	45a03874b4	Merge pull request #220 from sbrl/dependabot/npm_and_yarn/lodash-4.17.21 build(deps): bump lodash from 4.17.19 to 4.17.21	2021-05-09 20:02:56 +01:00

1 2 3 4 5 ...

1762 commits