Commit graph

28744 commits

Author SHA1 Message Date
Tobias Diekershoff
fb721f8e30
Merge pull request #9166 from MrPetovan/bug/phpinfo-accessible-hotfix
[Hotfix] Fix security vulnerability in admin modules
2020-09-08 19:56:26 +02:00
Hypolite Petovan
3efa8648c5 Fix security vulnerability in admin modules
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
2020-09-08 12:27:43 -04:00
Hypolite Petovan
9bc2c5a52e Normalize use of form security tokens in Admin modules
# Conflicts:
#	src/Module/Admin/Logs/Settings.php
2020-09-08 12:27:36 -04:00
Hypolite Petovan
2ce15cae1a Use router parameters in Admin modules
- Remove 10 @TODO tags

# Conflicts:
#	src/Module/Admin/DBSync.php
#	src/Module/Admin/Themes/Details.php
#	src/Module/Admin/Themes/Embed.php
2020-09-08 12:27:15 -04:00
Hypolite Petovan
d15f522752
Merge pull request #9143 from annando/api-count
API: Counts added, local query improved
2020-09-08 11:14:00 -04:00
Michael Vogel
8126947b90
Merge pull request #9160 from MrPetovan/bug/9138-escape-field-input
Add HTML escaping to field_input value
2020-09-08 04:00:36 +02:00
Michael Vogel
065ab017c7
Merge pull request #9161 from MrPetovan/bug/9140-private-note-self-only
Add a self-only ACL block to personal notes jot
2020-09-08 03:57:11 +02:00
Michael Vogel
9c5be32046
Merge pull request #9162 from MrPetovan/bug/8885-permissions-capitalization
[frio] Update capitalization of "Permissions" translation string
2020-09-08 03:50:58 +02:00
Michael
e45ccea0f2 Tabs instead of spaces 2020-09-08 01:45:59 +00:00
Michael
24f1bb4ea1 Class file renamed 2020-09-08 01:44:49 +00:00
Michael Vogel
2bb725fa30
Apply suggestions from code review
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2020-09-08 03:39:51 +02:00
Hypolite Petovan
6251feface Regenerate base messages.po after translation string change 2020-09-07 21:25:26 -04:00
Hypolite Petovan
f1e36eac7d Update capitalization of "Permissions" translation string 2020-09-07 21:25:04 -04:00
Hypolite Petovan
ef01fb7b21
Merge pull request #9159 from mpanhans/patch-1
Update Forums.md
2020-09-07 19:35:56 -04:00
mpanhans
f8e8c23c0c
Update Forums.md 2020-09-07 19:32:15 -04:00
Hypolite Petovan
5730da264b Add a self-only ACL block to personal notes jot 2020-09-07 19:27:51 -04:00
Hypolite Petovan
5f5b97dad6 Create self-only ACL template and helper method 2020-09-07 19:27:32 -04:00
Hypolite Petovan
c4267bbca0 Remove unused jot.tpl template variables 2020-09-07 19:27:23 -04:00
Hypolite Petovan
aa7eb75e62 Add HTML escaping to field_input value
- Quotes weren't rendering in pre-populated fields
2020-09-07 18:53:04 -04:00
mpanhans
5eb2e3edfb
Update Forums.md
Update Forums help documentation to include the implemented front-end for page delegation.
2020-09-07 16:56:58 -04:00
Michael
59374eb6c6 Use "StatusCounts" class 2020-09-07 18:24:11 +00:00
Tobias Diekershoff
0f2bd07b28 ypot 2020-09-07 19:18:31 +02:00
Tobias Diekershoff
046ae6e978 some small additions and clarifications 2020-09-07 18:25:56 +02:00
Hypolite Petovan
dcac7f0a78
Merge pull request #9157 from tobiasd/20200907-9155lighttpd
lighttpd follow up of #9155
2020-09-07 11:55:19 -04:00
Michael Vogel
169a83b30e
Merge pull request #9158 from tobiasd/20200907-IT
IT translations THX Sylke Vicious
2020-09-07 16:57:21 +02:00
Michael
1bca280eae StdClass instead of arrays 2020-09-07 14:34:05 +00:00
Michael
07ccfb212b Merge remote-tracking branch 'upstream/2020.09-rc' into api-count 2020-09-07 14:29:02 +00:00
Tobias Diekershoff
1c5a0fc308 IT translations THX Sylke Vicious 2020-09-07 16:26:03 +02:00
Tobias Diekershoff
3df8439b98 lighttpd follow up of #9155 2020-09-07 14:37:24 +02:00
Tobias Diekershoff
2f168d17f4
Merge pull request #9155 from MrPetovan/bug/9154-forbid-bin
Forbid non-CLI access to command-line scripts
2020-09-07 13:01:10 +02:00
Tobias Diekershoff
6728b518ab
Merge pull request #9156 from annando/issue-9153
Issue 9153 Use "info" instead of "notice" on successful operations
2020-09-07 12:57:10 +02:00
Michael
f56e765158 Issue 9153 Use "info" instead of "notice" on successful operations 2020-09-07 10:17:42 +00:00
Hypolite Petovan
ae045eff41 Update nginx sample config with location deny for bin/ folder 2020-09-07 05:51:58 -04:00
Hypolite Petovan
06632536f3 Forbid non-CLI access to command-line scripts 2020-09-07 05:51:26 -04:00
Hypolite Petovan
3bd8b81154 Prevents Apache from serving CLI scripts 2020-09-07 05:43:20 -04:00
Hypolite Petovan
b530ef709d
Merge pull request #9147 from annando/Issue-8882
Issue 8882: Fixes permissions of pinned posts
2020-09-07 03:14:25 -04:00
Tobias Diekershoff
f997b36085
Merge pull request #9152 from annando/fix-notifications
Fix notifications for wrong users
2020-09-07 07:19:10 +02:00
Michael
90315e3434 Don't perform actions on empty conditions 2020-09-07 05:00:17 +00:00
Michael
2a0635185a Fix notifications for wrong users 2020-09-07 04:36:28 +00:00
Michael
4852458645 Simplify the code / check number of parameters in mergeConditions 2020-09-06 20:28:08 +00:00
Hypolite Petovan
e92904c3f3
Merge pull request #9149 from annando/issue-9099
Issue 9099: Improve mentions from non followers
2020-09-06 16:16:20 -04:00
Michael
0684922ec2 Use array_unique 2020-09-06 20:09:29 +00:00
Michael
d332272d55 Issue 9099: Improve mentions from non followers 2020-09-06 19:22:53 +00:00
Tobias Diekershoff
ee13d074e0
Merge pull request #9148 from annando/issue-9142
Issue 9142: Make the message ID look more like a message ID
2020-09-06 20:26:06 +02:00
Michael
5b6ced9c6e Issue 9142: Make the message ID look more like a message ID 2020-09-06 17:47:25 +00:00
Michael
8d0d6bcd0c Issue 8882: Fixes permissions of pinned posts 2020-09-06 15:05:42 +00:00
Tobias Diekershoff
a537331be6 fix indentation 2020-09-06 14:36:28 +02:00
Tobias Diekershoff
5f5bee6da0 a 1st draft of the 2020.09 CHANGELOG file 2020-09-06 14:28:17 +02:00
Tobias Diekershoff
f3934eb0c2
Merge pull request #9145 from annando/duplicate-apcontact
Avoid "Duplicate entry" error in apcontact
2020-09-06 12:41:45 +02:00
Tobias Diekershoff
058a3a2e7c
Merge pull request #9144 from annando/issue-9137
Issue 9137: Fix "Incorrect integer value:"
2020-09-06 11:54:23 +02:00