de4536e173
page-view: XSS again again again
2021-09-03 01:50:09 +01:00
39af83caf9
page-renderer: use htmlentities on admindetails_name
...
This is NOT to fix a security issue - rather to allow the admin's name
to contain special characters. Note that the admin's name can only be
changed either in peppermint.json or via the admin settings panel (which
only admins can access). If you're worries about admins serving
arbitrary HTML, then Pepperminty Wiki is not for you because they could
serve a random static HTML file that they've uploaded to their web
server for instance.
2021-09-03 00:09:44 +01:00
f400da6dce
Page renderer: Automatically run htmlentities() on all titles
2021-09-02 21:34:40 +01:00
cfd087d919
Add MPL 2.0 short header to core code files
2020-09-23 23:22:39 +01:00
0085ddf0c4
Don't emit custom css unless there's something to emit
2020-08-31 21:04:59 +01:00
23998f60bf
Bugfix: correctly escape ampersands with htmlentities in URLs
2020-08-31 21:00:15 +01:00
3c5a407356
Really fix #205
2020-08-11 23:01:44 +01:00
93bff09422
Update hide_email implementation
...
It now requires Javascript to decode the email address. If this is a
problem for whatever reason, please get in touch by opening an issue. I
take accessibility very seriously.
2020-08-09 23:53:29 +01:00
45c2fa56cd
Add more type hints, and fail to get Server-Timing working.
...
Note to self: If we do end up implementing it, remember that
$env->perfdata does containsensitive information sometimes, so we might
need to revise our approach a bit (e.g. only sending it to authenticated
admins)
2020-07-28 02:10:28 +01:00
093b405182
Add meta theme-color support
2020-05-24 01:59:05 +01:00
7548c1e7ee
Bugfix: Fix alt + enter search box submit failing with allow popups message
2019-12-23 20:52:48 +00:00
23f526baaa
Bugfix: Avoid inadvertent link loop for bots on login page
2019-12-19 15:36:41 +00:00
d3e83a0aea
page_renderer: Don't generate the page list for the datalist if it's not displayed
2019-12-08 20:27:20 +00:00
f543321304
Bugfix: Correct CSS rendering
2019-09-29 16:10:58 +01:00
e91852ca68
Finish implementing $settings->css_custom
2019-09-29 16:09:27 +01:00
6120fa8842
Refactor css minification code out into own function
2019-09-29 15:54:40 +01:00
dcd3c00d83
Squash warnings about non-static methods in the page renderer
2019-09-11 22:11:13 +01:00
157c6dabdd
If it's a list of strings, then it should be sorted correctly.
2019-09-03 18:16:01 +01:00
bcc8f0be27
More accessibility improvements, and noodle away at the darak theme.
...
Looks like we're going to have to come up with our own button style,
which is going to be a bit of a pain tbh :-/
2019-08-30 23:13:16 +01:00
5e5f47fdda
Add aria-label
2019-08-30 21:31:14 +01:00
ff51b6613c
Mark user avatar on top nav bar as hidden against screen readers
2019-08-30 18:23:17 +01:00
4e3426644c
Style the new mega-menu option.
...
It still needs more testing though - e.g. to ensure we haven't broken
the existing setup :P
2019-08-30 00:41:25 +01:00
2a567ba8c8
Fix html structure for mega-menu. Next up: CSS! :D
2019-08-29 20:57:14 +01:00
3374bdedc3
Add support for mega menus, but it's untested
2019-08-29 17:19:57 +01:00
45befb5ff1
Work on automatic theme index & preview generation
2019-08-25 21:38:28 +01:00
f63553fb92
Split core.php up into 16(!) different files.
...
This has been a looong time in coming. 1.9K links is _far_ too much for
any file.
2019-03-02 16:45:34 +00:00