Pepperminty-Wiki

mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-10-22 06:23:01 +00:00

Author	SHA1	Message	Date
Starbeamrainbowlabs	7b6cbbe821	feature-upload: ensure that Javascript in SVG images does not execute My first time using Content-Security-Policy. Yay! It's real powerful, but I have yet to find a good generator to help me create more complex policies. In this case, the policy allows everything by default, but disables all Javascript. This new Content-Security-Policy header is served for all image previews.	2021-09-21 14:04:42 +01:00
Starbeamrainbowlabs	f59e68127c	Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)	2021-09-21 13:40:12 +01:00
Starbeamrainbowlabs	4be6a181cb	Bugfix: XSS in format GET param of stats action	2021-09-21 13:29:27 +01:00
Starbeamrainbowlabs	14eb9e0d41	fixup	2021-09-03 02:04:49 +01:00
Starbeamrainbowlabs	edd1702ea3	page-sitemap: tweak description	2021-09-03 02:04:41 +01:00
Starbeamrainbowlabs	ec0b556892	recent changes: fix broken charactetr when displaying page moves	2021-09-03 02:01:24 +01:00
Starbeamrainbowlabs	de4536e173	page-view: XSS again again again	2021-09-03 01:50:09 +01:00
Starbeamrainbowlabs	fef9102393	page-move: htmlentities & returnto support in login URLs	2021-09-03 01:41:51 +01:00
Starbeamrainbowlabs	c0c2bd7f6a	page-login: minor htmlentities for breakfast, lunch, and tea	2021-09-03 01:37:11 +01:00
Starbeamrainbowlabs	e2517c0b20	page-list: Yep, you guessed it! XSS again.....	2021-09-03 01:34:38 +01:00
Starbeamrainbowlabs	7aaded1f40	page-help: Add formats to data size bar on ?action=help&dev=yes	2021-09-03 01:29:49 +01:00
Starbeamrainbowlabs	9bd69b1b01	page-export: XSS	2021-09-03 01:26:14 +01:00
Starbeamrainbowlabs	42ad55c849	page-edit: XSS	2021-09-03 01:23:42 +01:00
Starbeamrainbowlabs	3f286b4cda	page-delete: fix XSS	2021-09-03 01:16:29 +01:00
Starbeamrainbowlabs	54166c9b79	page-credits: htmlentities everywhere	2021-09-03 01:12:49 +01:00
Starbeamrainbowlabs	4dda12d195	feaature-watchlist: minor XSS improvements	2021-09-03 01:10:54 +01:00
Starbeamrainbowlabs	2844a47f9f	feature-user-table: fix potential obscure XSS attack	2021-09-03 01:08:27 +01:00
Starbeamrainbowlabs	2d6bf1df70	feature-user-preferences: fiix potential xss vulnerabilities	2021-09-03 01:01:38 +01:00
Starbeamrainbowlabs	227a7ac662	feature-upload: fix potential XSS attacks	2021-09-03 00:42:36 +01:00
Starbeamrainbowlabs	6dd3e52a9c	feature-theme-gallery: fill in help text	2021-09-03 00:26:55 +01:00
Starbeamrainbowlabs	538f899018	feturee-stats: minor admindetails_name issue	2021-09-03 00:14:53 +01:00
Starbeamrainbowlabs	98485e7bd2	feature-search: fix potential XSS	2021-09-03 00:00:49 +01:00
Starbeamrainbowlabs	d977d594e6	feture-recent-changes: fix typo	2021-09-02 23:02:01 +01:00
Starbeamrainbowlabs	0ff5ab20ec	feature-interwiki-links: fix potential XSS attack	2021-09-02 23:00:50 +01:00
Starbeamrainbowlabs	b5b38166ac	feature-history: fix potential XSS attack	2021-09-02 22:58:19 +01:00
Starbeamrainbowlabs	3f61c9eac0	feature-guiconfig: fix potential obscure XSS	2021-09-02 22:53:59 +01:00
Starbeamrainbowlabs	80f77a93b5	feature-comments: fix potential XSS	2021-09-02 22:50:00 +01:00
Starbeamrainbowlabs	a1259ec8d9	action-random: use new slugify() function	2021-09-02 22:39:10 +01:00
Starbeamrainbowlabs	bacfc11723	fixup	2021-09-02 22:29:48 +01:00
Starbeamrainbowlabs	51be347000	action-protect: fix	2021-09-02 22:29:39 +01:00
Starbeamrainbowlabs	f400da6dce	Page renderer: Automatically run htmlentities() on all titles	2021-09-02 21:34:40 +01:00
Starbeamrainbowlabs	e0f65c2e65	action-hash: fix potential XSS in string GET param	2021-09-02 21:27:26 +01:00
Starbeamrainbowlabs	b6fc5941b7	feature-watchlist: fix format GET parameter	2021-09-02 21:23:31 +01:00
Starbeamrainbowlabs	dfe76d1d9b	feature-watchlist: Fix Potential XSS in do GET parameter	2021-09-02 21:21:17 +01:00
Starbeamrainbowlabs	96546184dc	Implement simple slugify function I suspect I may have to fix a number of issues here.....	2021-09-02 21:19:31 +01:00
Starbeamrainbowlabs	0a77065c3f	Bugfix: Fix stored XSS attack - ref CVE-2021-38600 See https://github.com/hmaverickadams/CVE-2021-38600 For some reason the author did not think ti wise to let me know privately first - instead publicly announcing it via a GitHub repo..... sigh. In addition, is this really a vulnerability? Since Pepperminty Wiki requires the site secret to set it up, I can't see that this has a real impact. Still, I'll fix it anyway.....	2021-09-02 20:54:06 +01:00
Starbeamrainbowlabs	fab1b52882	Bugfix: fix error handling logic	2021-08-15 21:46:19 +01:00
Starbeamrainbowlabs	ba70f74a96	Added automatic system requirements indicator to first run	2021-08-06 01:50:08 +01:00
Starbeamrainbowlabs	e7b3f5e0d0	feature-upload: add function / class existence checks where functions from php extensions are required	2021-08-06 01:49:59 +01:00
Starbeamrainbowlabs	fb9eec2d33	Fix & improve sidebar	2021-07-21 00:44:31 +01:00
Starbeamrainbowlabs	86206195b6	Fix crash when using the search bar in recent versions of php	2021-07-20 23:54:56 +01:00
Starbeamrainbowlabs	0c9934038c	feature-cli: fix typo	2021-06-10 20:11:53 +01:00
Starbeamrainbowlabs	26f5838ce0	Add experimental [display text](./Page Name.md) style internal links This is transparently handled by a wrapper around inlineLink, which conditionally bails by returning the parent if parsing fails. It then ~~ab~~uses inlineInternalLink to provide proper internal link support. Fixes #190.	2021-04-11 21:47:41 +01:00
Starbeamrainbowlabs	77880d9410	search: properly apply weightings in titlels and tags	2021-02-10 22:17:38 +00:00
Starbeamrainbowlabs	e76eaf5963	feature-stats: bump version	2020-11-20 21:20:05 +00:00
Starbeamrainbowlabs	05314c464e	Merge branch 'master' of github.com:sbrl/Pepperminty-Wiki	2020-11-20 21:13:42 +00:00
Starbeamrainbowlabs	d29b87eb6d	Make the statistic update system more resilient	2020-11-20 21:13:31 +00:00
Popol	d5e4332652	typo	2020-11-07 13:15:48 +01:00
Starbeamrainbowlabs	880c9e3796	Send `x-robots-tag: noindex,nofollow` with the login page SemrushBot, you better obey this one	2020-10-26 18:59:53 +00:00
Starbeamrainbowlabs	2677bb8143	page-sitemap: add module	2020-10-26 18:26:59 +00:00
Starbeamrainbowlabs	7b3f06d539	page-credits: add page-sitemap support	2020-10-26 18:26:52 +00:00
Starbeamrainbowlabs	d7128eed0e	api-status: add sitemap_url property if the page-sitemap module is present	2020-10-26 18:26:33 +00:00
Starbeamrainbowlabs	6abbdc4d1e	recent-changes: deduplicate in atom feed generation	2020-10-26 18:24:53 +00:00
Starbeamrainbowlabs	7dd9bd74c4	Add support for creating pages whose name is not yet known - fixes #194	2020-10-25 22:50:03 +00:00
Starbeamrainbowlabs	cfd087d919	Add MPL 2.0 short header to core code files	2020-09-23 23:22:39 +01:00
Starbeamrainbowlabs	dfca17d1cf	more of the same - this time in page / tag lists	2020-08-31 21:02:49 +01:00
Starbeamrainbowlabs	9fad95035b	Fix inbody:searchterm advanced query syntax - fixes #210 (thanks to @SeanFromIT for the report)	2020-08-19 16:59:54 +01:00
Starbeamrainbowlabs	9b109face2	Merge pull request #206 from SeanFromIT/master adding WikiProject Paranormal	2020-08-19 14:43:05 +01:00
Starbeamrainbowlabs	b30d70927b	parser-parsedown: bump version	2020-08-18 13:52:44 +01:00
Starbeamrainbowlabs	c2e4a04778	Fix #209	2020-08-18 13:49:16 +01:00
Sean Feeney	c598dfbf6d	phrasing fix	2020-08-14 18:55:27 -07:00
Starbeamrainbowlabs	8a05d79724	similar pages: tweak text	2020-08-11 18:13:47 +01:00
Starbeamrainbowlabs	b1381552f0	feature-readingtime: improve algorithm by stripping markdown syntax	2020-08-11 15:46:34 +01:00
Starbeamrainbowlabs	89d835afa5	Don't redirect when clicking on a redirect page in the recent changes list	2020-08-11 01:02:17 +01:00
Starbeamrainbowlabs	93bff09422	Update hide_email implementation It now requires Javascript to decode the email address. If this is a problem for whatever reason, please get in touch by opening an issue. I take accessibility very seriously.	2020-08-09 23:53:29 +01:00
Starbeamrainbowlabs	272fdea0ee	parser-parsedown: tweak help again	2020-08-09 17:11:12 +01:00
Starbeamrainbowlabs	9a0b2d6ba7	parser-parsedown: improve heading id documentation	2020-08-09 13:04:29 +01:00
Starbeamrainbowlabs	c0fa5b8ae4	Finish improvements to pageindex rebuilder also squash warning from stats engine during the firstrun wizard	2020-08-08 22:01:12 +01:00
Starbeamrainbowlabs	3b799cbcba	parser-parsedown: fix templating	2020-08-08 01:54:10 +01:00
Starbeamrainbowlabs	ddb7cd9c18	action-raw: add new typeheader GET parameter	2020-08-08 01:18:01 +01:00
Starbeamrainbowlabs	bbb3fc32ee	parser-parsedown: Add quick reference points in comments	2020-08-08 00:56:16 +01:00
Starbeamrainbowlabs	75c15d66b2	page-move: Ensure that the new subpage actually exists - fixes #201	2020-08-06 15:47:41 +01:00
Starbeamrainbowlabs	b25c144f1e	Bump module versions	2020-08-06 15:29:15 +01:00
Starbeamrainbowlabs	e3e2a01435	Improve PDF preview when embedded in pages - fixes #202	2020-08-06 15:28:24 +01:00
Starbeamrainbowlabs	1ec1705a62	Standardise error_log prefixes to aid clarity in multi-wiki environments	2020-07-28 19:42:41 +01:00
Starbeamrainbowlabs	7d93aa6a10	Overhaul the way we use setcookie() - Use SameSite=Strict to avoid issues in modern browsers & prevent session-stealing attacks - Use Secure when requests run over HTTPS by default to avoid downgrade-based session-stealing attacks - Add warning for PHP <= 7.2, as it doesn't support SameSite in setcookie().	2020-07-28 19:40:22 +01:00
Starbeamrainbowlabs	0f23ce3fd1	redirect: fix redirect logic	2020-07-12 14:45:56 +01:00
Starbeamrainbowlabs	36e8fe2a17	feature-search: remove debugging	2020-07-11 01:00:16 +01:00
Starbeamrainbowlabs	31253edff4	feture-search: properly break reference after pointer foreach ref https://bugs.php.net/bug.php?id=70387	2020-07-11 00:39:05 +01:00
Starbeamrainbowlabs	521b66394c	add missing variable name	2020-07-10 23:23:32 +01:00
Starbeamrainbowlabs	86216fd4c1	search: squash file_get_contents warning, but more insight is needed. closes #193 .	2020-07-10 23:22:30 +01:00
Starbeamrainbowlabs	b4e4094451	Bugfix libsearchengine: fix handling of exclusions that are in both the body and the title	2020-07-10 23:04:59 +01:00
Starbeamrainbowlabs	41009bb810	avatar: fix typo in uploaded avatar name & add new avatars_gravatar_enable setting	2020-07-10 19:46:06 +01:00
Starbeamrainbowlabs	450c2485ae	debug: obscure even more secrets	2020-07-09 00:44:13 +01:00
Starbeamrainbowlabs	fae6e3ecae	debug: hide more secret stuff	2020-07-09 00:22:27 +01:00
Starbeamrainbowlabs	67fdba2baf	Security: Fix logic in page-debug	2020-07-09 00:15:54 +01:00
Starbeamrainbowlabs	edc1a694dd	feature-comments: add 2 new settings	2020-07-08 19:35:42 +01:00
Starbeamrainbowlabs	d94fc42547	Bugfix feature-redirect: fix typo in variable name	2020-07-07 21:19:50 +01:00
Starbeamrainbowlabs	47b5855396	feature-redirect: fix comment	2020-07-07 21:15:14 +01:00
Starbeamrainbowlabs	8aff75a805	Bugfix: Don't redirect when navigating to a redirect page from a page list	2020-07-07 21:11:13 +01:00
Starbeamrainbowlabs	1813fe73e2	Add absolute redirects	2020-07-07 21:10:38 +01:00
Starbeamrainbowlabs	beb4e2e968	noindex, nofollow login pages to try and stop bots from getting into infinite loops	2020-06-11 20:52:25 +01:00
Starbeamrainbowlabs	237d10f908	Bugfix: Display link when redirect page sends user to a another page that doesn't exist Note that this only shows for users with permission to edit the target page at the moment.	2020-06-04 19:11:29 +01:00
Starbeamrainbowlabs	79ddc234d2	Bugfix: Squash warning when determining language in the fenced code block extensions	2020-06-04 01:42:29 +01:00
Starbeamrainbowlabs	90a2a3f6c6	Bugfix: Only show similar page suggestions if we're on the view action	2020-06-04 01:15:10 +01:00
Starbeamrainbowlabs	94bda35906	Add some basic sltye rules to make the suggested pages look less terrible Particularly with the photo theme we need to do some more work....	2020-05-26 13:16:33 +01:00
Starbeamrainbowlabs	27b4d57c46	Bugfix: only replace the first instance when inserting the estimated reading time	2020-05-25 21:26:36 +01:00
Starbeamrainbowlabs	e55308f50a	Display basic similar page suggestions. They are w=even appearing in the right pace! Next up, we need to write the CSS to make it look pretty :D	2020-05-25 21:15:19 +01:00
Starbeamrainbowlabs	5693c24358	Remove rogue semicolon	2020-05-25 00:32:26 +01:00
Starbeamrainbowlabs	725611ace4	readingtime: remove temporary error_log lines	2020-05-25 00:25:02 +01:00

1 2 3 4 5 ...

941 commits