914 commits

Author	SHA1	Message	Date
Starbeamrainbowlabs	ec340d18a9	action-raw: updaate rest api docs	2022-06-30 01:39:56 +01:00
Starbeamrainbowlabs	234f9fa371	Add x-tags to raw action	2022-06-29 00:06:36 +01:00
Starbeamrainbowlabs	46f85c7b0c	page-edit: add missing refresh header	2022-05-26 02:49:18 +01:00
Starbeamrainbowlabs	e54bacdcac	page-edit: fix user page permissions check to also occur in the save action	2022-05-26 01:12:51 +01:00
Starbeamrainbowlabs	71544b5d9d	Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki	2022-05-25 23:51:02 +01:00
Starbeamrainbowlabs	49a675c042	Return a 409 Conflict instead of a 200 OK on an edit conflict when saving a page in the save action	2022-05-25 23:50:55 +01:00
Starbeamrainbowlabs	f4ff1f41e1	Remove debug logging	2022-05-18 15:36:13 +01:00
Starbeamrainbowlabs	3f76c64b82	Make PeppermintParsedown::extract_page_names more multibyte safe to avoid empty statistics	2022-04-24 14:38:21 +01:00
Starbeamrainbowlabs	bf2d797d92	oneboxing: change to use [[[triple square brackets]]] ... This is because for some reason when extending Parsedown to add a new block type for [[internal links]] to detect oneboxing means that it's impossible to tell if we're inside e.g. a bulleted list or not :-/	2022-03-17 03:20:21 +00:00
Starbeamrainbowlabs	434abdf29f	Add initial simple oneboxing support	2022-03-12 02:52:53 +00:00
Starbeamrainbowlabs	f4f08d8066	docs: Update apiDoc ... As it turns out, we used @apiVersion for things that weren't HTTP API routes. In such cases, the recommended directive is @since, not @apiVersion	2022-02-27 16:19:35 +00:00
Starbeamrainbowlabs	bb9a56f59a	StorageBox: Fix crash when index.php is a symlink	2022-02-27 15:56:34 +00:00
Starbeamrainbowlabs	d99ca1685c	lib-storage-box: make more robust ... I have no idea what's going on here	2022-02-27 15:35:01 +00:00
Starbeamrainbowlabs	0ecc874fc1	credits: add author of latest PR	2022-02-19 15:22:05 +00:00
Starbeamrainbowlabs	ae4d03da17	Bugfix: Banish erroneous additional entries in complex tables of contents	2022-02-18 23:59:42 +00:00
Starbeamrainbowlabs	334b928c1e	Add initial support for embedding videos from YouTube, Vimeo, etc	2022-02-07 02:46:47 +00:00
Starbeamrainbowlabs	439187139d	Bugfix: fix crash when attempting to leave a top-level comment	2022-02-06 00:24:55 +00:00
Starbeamrainbowlabs	75e2abce0f	parser-parsedown: fix typo in help	2022-01-30 02:36:48 +00:00
Starbeamrainbowlabs	021ebaea22	Fix crash when loading the stats page	2022-01-05 02:47:28 +00:00
Starbeamrainbowlabs	4853c1f604	fix login when hosting Pepperminty Wiki in a subdirectory	2021-09-30 21:26:30 +01:00
Starbeamrainbowlabs	7cf545a3ca	Fix more intelligent returnto redirect	2021-09-30 21:06:07 +01:00
Starbeamrainbowlabs	fa407ce99d	login: regenerate sessiono token on login; make returnto sanitisation more intelligent	2021-09-27 21:32:39 +01:00
Starbeamrainbowlabs	4f3a1c3757	Display returnto URL above the login form if present to further mitigate CSRF issues	2021-09-27 20:51:12 +01:00
Starbeamrainbowlabs	7b6cbbe821	feature-upload: ensure that Javascript in SVG images does not execute ... My first time using Content-Security-Policy. Yay! It's real powerful, but I have yet to find a good generator to help me create more complex policies. In this case, the policy allows everything by default, but disables all Javascript. This new Content-Security-Policy header is served for all image previews.	2021-09-21 14:04:42 +01:00
Starbeamrainbowlabs	f59e68127c	Ensured that the returnto GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)	2021-09-21 13:40:12 +01:00
Starbeamrainbowlabs	4be6a181cb	Bugfix: XSS in format GET param of stats action	2021-09-21 13:29:27 +01:00
Starbeamrainbowlabs	14eb9e0d41	fixup	2021-09-03 02:04:49 +01:00
Starbeamrainbowlabs	edd1702ea3	page-sitemap: tweak description	2021-09-03 02:04:41 +01:00
Starbeamrainbowlabs	ec0b556892	recent changes: fix broken charactetr when displaying page moves	2021-09-03 02:01:24 +01:00
Starbeamrainbowlabs	de4536e173	page-view: XSS again again again	2021-09-03 01:50:09 +01:00
Starbeamrainbowlabs	fef9102393	page-move: htmlentities & returnto support in login URLs	2021-09-03 01:41:51 +01:00
Starbeamrainbowlabs	c0c2bd7f6a	page-login: minor htmlentities for breakfast, lunch, and tea	2021-09-03 01:37:11 +01:00
Starbeamrainbowlabs	e2517c0b20	page-list: Yep, you guessed it! XSS again.....	2021-09-03 01:34:38 +01:00
Starbeamrainbowlabs	7aaded1f40	page-help: Add formats to data size bar on ?action=help&dev=yes	2021-09-03 01:29:49 +01:00
Starbeamrainbowlabs	9bd69b1b01	page-export: XSS	2021-09-03 01:26:14 +01:00
Starbeamrainbowlabs	42ad55c849	page-edit: XSS	2021-09-03 01:23:42 +01:00
Starbeamrainbowlabs	3f286b4cda	page-delete: fix XSS	2021-09-03 01:16:29 +01:00
Starbeamrainbowlabs	54166c9b79	page-credits: htmlentities *everywhere*	2021-09-03 01:12:49 +01:00
Starbeamrainbowlabs	4dda12d195	feaature-watchlist: minor XSS improvements	2021-09-03 01:10:54 +01:00
Starbeamrainbowlabs	2844a47f9f	feature-user-table: fix potential obscure XSS attack	2021-09-03 01:08:27 +01:00
Starbeamrainbowlabs	2d6bf1df70	feature-user-preferences: fiix potential xss vulnerabilities	2021-09-03 01:01:38 +01:00
Starbeamrainbowlabs	227a7ac662	feature-upload: fix potential XSS attacks	2021-09-03 00:42:36 +01:00
Starbeamrainbowlabs	6dd3e52a9c	feature-theme-gallery: fill in help text	2021-09-03 00:26:55 +01:00
Starbeamrainbowlabs	538f899018	feturee-stats: minor admindetails_name issue	2021-09-03 00:14:53 +01:00
Starbeamrainbowlabs	98485e7bd2	feature-search: fix potential XSS	2021-09-03 00:00:49 +01:00
Starbeamrainbowlabs	d977d594e6	feture-recent-changes: fix typo	2021-09-02 23:02:01 +01:00
Starbeamrainbowlabs	0ff5ab20ec	feature-interwiki-links: fix potential XSS attack	2021-09-02 23:00:50 +01:00
Starbeamrainbowlabs	b5b38166ac	feature-history: fix potential XSS attack	2021-09-02 22:58:19 +01:00
Starbeamrainbowlabs	3f61c9eac0	feature-guiconfig: fix potential obscure XSS	2021-09-02 22:53:59 +01:00
Starbeamrainbowlabs	80f77a93b5	feature-comments: fix potential XSS	2021-09-02 22:50:00 +01:00