f400da6dce
Page renderer: Automatically run htmlentities() on all titles
2021-09-02 21:34:40 +01:00
e0f65c2e65
action-hash: fix potential XSS in string GET param
2021-09-02 21:27:26 +01:00
b6fc5941b7
feature-watchlist: fix format GET parameter
2021-09-02 21:23:31 +01:00
dfe76d1d9b
feature-watchlist: Fix Potential XSS in do GET parameter
2021-09-02 21:21:17 +01:00
96546184dc
Implement simple slugify function
...
I suspect I may have to fix a number of issues here.....
2021-09-02 21:19:31 +01:00
0a77065c3f
Bugfix: Fix stored XSS attack - ref CVE-2021-38600
...
See https://github.com/hmaverickadams/CVE-2021-38600
For some reason the author did not think ti wise to let me know
privately first - instead publicly announcing it via a GitHub repo.....
sigh.
In addition, is this *really* a vulnerability? Since Pepperminty Wiki
requires the site secret to set it up, I can't see that this has a real
impact.
Still, I'll fix it anyway.....
2021-09-02 20:54:06 +01:00
fab1b52882
Bugfix: fix error handling logic
2021-08-15 21:46:19 +01:00
ba70f74a96
Added automatic system requirements indicator to first run
2021-08-06 01:50:08 +01:00
e7b3f5e0d0
feature-upload: add function / class existence checks where functions from php extensions are required
2021-08-06 01:49:59 +01:00
fb9eec2d33
Fix & improve sidebar
2021-07-21 00:44:31 +01:00
86206195b6
Fix crash when using the search bar in recent versions of php
2021-07-20 23:54:56 +01:00
0c9934038c
feature-cli: fix typo
2021-06-10 20:11:53 +01:00
26f5838ce0
Add experimental [display text](./Page Name.md) style internal links
...
This is transparently handled by a wrapper around inlineLink, which
conditionally bails by returning the parent if parsing fails. It then
~~ab~~uses inlineInternalLink to provide proper internal link support.
Fixes #190 .
2021-04-11 21:47:41 +01:00
77880d9410
search: properly apply weightings in titlels and tags
2021-02-10 22:17:38 +00:00
e76eaf5963
feature-stats: bump version
2020-11-20 21:20:05 +00:00
05314c464e
Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki
2020-11-20 21:13:42 +00:00
d29b87eb6d
Make the statistic update system more resilient
2020-11-20 21:13:31 +00:00
Popol
d5e4332652
typo
2020-11-07 13:15:48 +01:00
880c9e3796
Send x-robots-tag: noindex,nofollow
with the login page
...
SemrushBot, you better obey this one
2020-10-26 18:59:53 +00:00
2677bb8143
page-sitemap: add module
2020-10-26 18:26:59 +00:00
7b3f06d539
page-credits: add page-sitemap support
2020-10-26 18:26:52 +00:00
d7128eed0e
api-status: add sitemap_url property if the page-sitemap module is present
2020-10-26 18:26:33 +00:00
6abbdc4d1e
recent-changes: deduplicate in atom
...
feed generation
2020-10-26 18:24:53 +00:00
7dd9bd74c4
Add support for creating pages whose name is not yet known - fixes #194
2020-10-25 22:50:03 +00:00
cfd087d919
Add MPL 2.0 short header to core code files
2020-09-23 23:22:39 +01:00
dfca17d1cf
more of the same - this time in page / tag lists
2020-08-31 21:02:49 +01:00
9fad95035b
Fix inbody:searchterm advanced query syntax - fixes #210 (thanks to @SeanFromIT for the report)
2020-08-19 16:59:54 +01:00
9b109face2
Merge pull request #206 from SeanFromIT/master
...
adding WikiProject Paranormal
2020-08-19 14:43:05 +01:00
b30d70927b
parser-parsedown: bump version
2020-08-18 13:52:44 +01:00
c2e4a04778
Fix #209
2020-08-18 13:49:16 +01:00
Sean Feeney
c598dfbf6d
phrasing fix
2020-08-14 18:55:27 -07:00
8a05d79724
similar pages: tweak text
2020-08-11 18:13:47 +01:00
b1381552f0
feature-readingtime: improve algorithm by stripping markdown syntax
2020-08-11 15:46:34 +01:00
89d835afa5
Don't redirect when clicking on a redirect page in the recent changes list
2020-08-11 01:02:17 +01:00
93bff09422
Update hide_email implementation
...
It now requires Javascript to decode the email address. If this is a
problem for whatever reason, please get in touch by opening an issue. I
take accessibility very seriously.
2020-08-09 23:53:29 +01:00
272fdea0ee
parser-parsedown: tweak help again
2020-08-09 17:11:12 +01:00
9a0b2d6ba7
parser-parsedown: improve heading id documentation
2020-08-09 13:04:29 +01:00
c0fa5b8ae4
Finish improvements to pageindex rebuilder
...
also squash warning from stats engine during the firstrun wizard
2020-08-08 22:01:12 +01:00
3b799cbcba
parser-parsedown: fix templating
2020-08-08 01:54:10 +01:00
ddb7cd9c18
action-raw: add new typeheader GET parameter
2020-08-08 01:18:01 +01:00
bbb3fc32ee
parser-parsedown: Add quick reference points in comments
2020-08-08 00:56:16 +01:00
75c15d66b2
page-move: Ensure that the new subpage actually exists - fixes #201
2020-08-06 15:47:41 +01:00
b25c144f1e
Bump module versions
2020-08-06 15:29:15 +01:00
e3e2a01435
Improve PDF preview when embedded in pages - fixes #202
2020-08-06 15:28:24 +01:00
1ec1705a62
Standardise error_log prefixes to aid clarity in multi-wiki environments
2020-07-28 19:42:41 +01:00
7d93aa6a10
Overhaul the way we use setcookie()
...
- Use SameSite=Strict to avoid issues in modern browsers & prevent
session-stealing attacks
- Use Secure when requests run over HTTPS by default to avoid
downgrade-based session-stealing attacks
- Add warning for PHP <= 7.2, as it doesn't support SameSite in
setcookie().
2020-07-28 19:40:22 +01:00
0f23ce3fd1
redirect: fix redirect logic
2020-07-12 14:45:56 +01:00
36e8fe2a17
feature-search: remove debugging
2020-07-11 01:00:16 +01:00
31253edff4
feture-search: properly break reference after pointer foreach
...
ref https://bugs.php.net/bug.php?id=70387
2020-07-11 00:39:05 +01:00
521b66394c
add missing variable name
2020-07-10 23:23:32 +01:00