1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-10-31 21:33:00 +00:00
Commit graph

17 commits

Author SHA1 Message Date
0a77065c3f
Bugfix: Fix stored XSS attack - ref CVE-2021-38600
See https://github.com/hmaverickadams/CVE-2021-38600

For some reason the author did not think ti wise to let me know 
privately first - instead publicly announcing it via a GitHub repo..... 
sigh.

In addition, is this *really* a vulnerability? Since Pepperminty Wiki 
requires the site secret to set it up, I can't see that this has a real 
impact.

Still, I'll fix it anyway.....
2021-09-02 20:54:06 +01:00
ba70f74a96
Added automatic system requirements indicator to first run 2021-08-06 01:50:08 +01:00
cfd087d919
Add MPL 2.0 short header to core code files 2020-09-23 23:22:39 +01:00
1ec1705a62
Standardise error_log prefixes to aid clarity in multi-wiki environments 2020-07-28 19:42:41 +01:00
0f04a927c4
Tiny formatting tweak 2020-01-10 17:07:09 +00:00
Kevin Otte
3396c25002
Fix compromise detection
Compromise detection has inverted logic handling response_code and did not honor the settingsFilename variable.
2020-01-08 20:25:46 -05:00
60cca5a5e2
Add say hi button to firstrun wizard :D - closes #175 2019-11-24 11:50:49 +00:00
f7943365d5
Squash warnings from file_get_contents in the peppermint.json access check 2019-09-18 11:28:47 +01:00
c96e3108aa
Set user agent string when making requests 2019-08-26 15:27:24 +01:00
f14fd23da5
Add force-redirect to firstrun action, and option to disable access check (NOT RECOMMENDED) 2019-05-11 22:52:55 +01:00
a49ccccbcc
Handle pre-existing wikis 2019-05-11 15:39:55 +01:00
0333c1a4d4
Check if peppermint.json is accessible from the web 2019-05-11 13:06:19 +01:00
cc82adf23d
firstrun: Fix filter_var call 2019-05-11 12:54:09 +01:00
215c0d41ef
Require the site secret to use the first-run installer 2019-05-11 12:51:22 +01:00
1dc0438a18
Work more on the first-run installer, but it's not finished yet 2019-05-11 12:45:02 +01:00
a25767432a
Add todo 2019-05-11 00:35:47 +01:00
1d6409128d
Start work on a simpler first-run wizard, but it's not finished yet.
Hopefully this one will be more successful than the last attempt :P
2019-05-11 00:35:17 +01:00