1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-15 02:03:01 +00:00
Commit graph

1847 commits

Author SHA1 Message Date
Natali
fd9db1e5d3
adding IIS config to Getting Started instructions 2022-02-18 08:56:33 -07:00
9112884949
README: Update todo list 2022-02-07 03:01:14 +00:00
334b928c1e
Add initial support for embedding videos from YouTube, Vimeo, etc 2022-02-07 02:46:47 +00:00
4065f1c0ea
themes photo: support <object>, add <iframe> as in previous commit 2022-02-07 02:26:00 +00:00
1a9514594d
themes: treat iframe as img, audio, and video HTML elements 2022-02-07 02:25:34 +00:00
439187139d
Bugfix: fix crash when attempting to leave a top-level comment 2022-02-06 00:24:55 +00:00
75e2abce0f
parser-parsedown: fix typo in help 2022-01-30 02:36:48 +00:00
021ebaea22
Fix crash when loading the stats page 2022-01-05 02:47:28 +00:00
4853c1f604
fix login when hosting Pepperminty Wiki in a subdirectory 2021-09-30 21:26:30 +01:00
7cf545a3ca
Fix more intelligent returnto redirect 2021-09-30 21:06:07 +01:00
fa407ce99d
login: regenerate sessiono token on login; make returnto sanitisation more intelligent 2021-09-27 21:32:39 +01:00
4f3a1c3757
Display returnto URL above the login form if present to further mitigate CSRF issues 2021-09-27 20:51:12 +01:00
2e1e1d0535
100-run: fix XSS when action is not found 2021-09-25 11:42:07 +01:00
978da55e00
Update changelog 2021-09-21 14:10:02 +01:00
7b6cbbe821
feature-upload: ensure that Javascript in SVG images does not execute
My first time using Content-Security-Policy. Yay!

It's real powerful, but I have yet to find a good generator to help me 
create more complex policies. In this case, the policy allows everything 
by default, but disables all Javascript.

This new Content-Security-Policy header is served for all image 
previews.
2021-09-21 14:04:42 +01:00
f59e68127c
Ensured that the returnto GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) 2021-09-21 13:40:12 +01:00
4be6a181cb
Bugfix: XSS in format GET param of stats action 2021-09-21 13:29:27 +01:00
bca154859c
Apparently security researchers have a big problem with reading. 2021-09-20 01:05:26 +01:00
05555e7d55
Changelog: fix heading indents 2021-09-15 14:42:50 +01:00
874f703c39
Bugfix build.sh: fix shellcheck error 2021-09-11 01:14:28 +01:00
a3c0f04668
README: Add explicit security section 2021-09-05 15:58:09 +01:00
ae1842d064
docs: Add web server config snippet for Apache (thanks, @viradpt!) and Nginx 2021-09-03 21:12:36 +01:00
fd8703470d
docs/making a release: Add tweet template text 2021-09-03 02:37:56 +01:00
d84411b746
Bump version to v0.24-dev 2021-09-03 02:34:50 +01:00
6b9dfbcf68
Update changelog again 2021-09-03 02:26:47 +01:00
51475b41b1
Update Changelog 2021-09-03 02:25:58 +01:00
8e4afbc31c
build.sh: fix xargs warning 2021-09-03 02:07:47 +01:00
07eed388bd
Bump version 2021-09-03 02:05:24 +01:00
14eb9e0d41
fixup 2021-09-03 02:04:49 +01:00
edd1702ea3
page-sitemap: tweak description 2021-09-03 02:04:41 +01:00
ec0b556892
recent changes: fix broken charactetr when displaying page moves 2021-09-03 02:01:24 +01:00
525dbaa3e1
page history: fix username rendering 2021-09-03 02:01:07 +01:00
0a950425e1
Bugfix: fix new slugify function 2021-09-03 01:55:05 +01:00
de4536e173
page-view: XSS again again again 2021-09-03 01:50:09 +01:00
fef9102393
page-move: htmlentities & returnto support in login URLs 2021-09-03 01:41:51 +01:00
c0c2bd7f6a
page-login: minor htmlentities for breakfast, lunch, and tea 2021-09-03 01:37:11 +01:00
e2517c0b20
page-list: Yep, you guessed it! XSS again..... 2021-09-03 01:34:38 +01:00
7aaded1f40
page-help: Add formats to data size bar on ?action=help&dev=yes 2021-09-03 01:29:49 +01:00
9bd69b1b01
page-export: XSS 2021-09-03 01:26:14 +01:00
42ad55c849
page-edit: XSS 2021-09-03 01:23:42 +01:00
3f286b4cda
page-delete: fix XSS 2021-09-03 01:16:29 +01:00
54166c9b79
page-credits: htmlentities *everywhere* 2021-09-03 01:12:49 +01:00
4dda12d195
feaature-watchlist: minor XSS improvements 2021-09-03 01:10:54 +01:00
2844a47f9f
feature-user-table: fix potential obscure XSS attack 2021-09-03 01:08:27 +01:00
2d6bf1df70
feature-user-preferences: fiix potential xss vulnerabilities 2021-09-03 01:01:38 +01:00
1f51bf31c6
Add new file formats to the list of allowed formats for uploaded files:
image/avif
image/jxl

Also, lesser known image formats:

image/hief image/heic
2021-09-03 00:52:01 +01:00
227a7ac662
feature-upload: fix potential XSS attacks 2021-09-03 00:42:36 +01:00
4a00a404e1
Update changelog 2021-09-03 00:28:20 +01:00
6dd3e52a9c
feature-theme-gallery: fill in help text 2021-09-03 00:26:55 +01:00
538f899018
feturee-stats: minor admindetails_name issue 2021-09-03 00:14:53 +01:00