1437 Commits

Author SHA1 Message Date
Garvin Hicking
b8897b3250 PHP7 check 2017-04-08 17:01:31 +02:00
Garvin Hicking
86a17f9a2b Register fatal error handler 2017-04-08 15:45:21 +02:00
klemens
5a95db314a spelling fixes 2017-04-06 22:26:07 +02:00
onli
cdf375623d Require token to change theme (fixes #452) 2017-03-02 12:08:05 +01:00
Thomas Heidrich
3a7e04c69c improved check quality
!empty verifies that $username has been set with a significant value of any kind; is_string makes sure the type is really what is being expected in the following code.
2017-02-09 23:39:06 +01:00
Thomas Heidrich
e28bbf04d2 avoid HTTP500 crashing when username is an array 2017-02-08 20:19:43 +01:00
Thomas Heidrich
7a0a9e2156 some PHP functions expect strings and crash otherwise 2017-02-07 21:13:51 +01:00
Garvin Hicking
2b5de12b38 Issue #437 2017-01-26 08:25:06 +01:00
onli
7e70f91686 Add form token to comment delete link 2017-01-17 11:42:37 +01:00
onli
f947c66f66 Add multiple missing CSRF tokens (#439)
Deleting comments, disabling comment threads, installing plugins, toggling a spartacus update check
2017-01-16 15:32:16 +01:00
Garvin Hicking
c62d667287 * [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)
2017-01-16 11:29:15 +01:00
Garvin Hicking
a48708021c * [Security] Reject %0D/%0A in exit tracking and other places
(Issue #434)
2017-01-03 09:21:25 +01:00
Garvin Hicking
4e8c310156 Issue #435, fix missing escaping of HTTP referer to prevent XSS 2017-01-02 09:37:45 +01:00
Garvin Hicking
0c8416f5df Allow setting a default category.
Needs some testing, I am not sure how to solve the case now where "no category" shall be used. It will always fall back to the default category.
Probably if someone uses a default category, that's the intended behaviour?
2016-12-23 10:14:27 +01:00
Garvin Hicking
fd2f23f3e7 upport security bugfix to escape dbType parameter on first installation (issue #433) 2016-12-19 11:18:10 +01:00
Garvin Hicking
e2a665e13b Sync changes 2016-11-28 15:34:10 +01:00
Garvin Hicking
dc3eb1e735 Merge branch 'master' of github.com:s9y/Serendipity 2016-11-02 12:18:58 +01:00
Garvin Hicking
26de428c18 Enhanced media upload check to also check redirects for local files, thanks to Xu Yue (again!) 2016-11-02 12:18:49 +01:00
Matthias Mees
7410465496 Improve accessibility of iconfont icons
Iconfont icons are of no value to screenreader users; in our case,
they get alternative text. By adding 'aria-hidden="true"' to the
<span> holding the iconfont icon, we avoid the screenreader trying
to announce the iconfont icon.
2016-10-26 11:29:25 +02:00
onli
d9b1baab76 Further improve theme ordering
Stabilizes output of the recommended themes
2016-10-10 18:43:03 +02:00
onli
196c3becb2 Order themes by their shown name 2016-10-10 18:36:44 +02:00
Garvin Hicking
846dbbeb85 Merge branch 'master' of github.com:s9y/Serendipity 2016-09-26 09:45:37 +02:00
onli
eedd984e0d improve cgi detection to use custom htaccess
See http://board.s9y.org/viewtopic.php?f=3&t=20788
2016-09-25 16:54:09 +02:00
Garvin Hicking
06e33c5421 Merge branch 'master' of github.com:s9y/Serendipity 2016-09-25 15:30:10 +02:00
Garvin Hicking
4aaa9845eb Add header API 2016-09-22 15:38:12 +02:00
Garvin Hicking
d60a7da9c3 support http auth 2016-09-22 15:34:27 +02:00
Garvin Hicking
20ade83792 allow arrays 2016-09-22 14:33:52 +02:00
Garvin Hicking
80f3b39502 forward compatibility to serendipity_request_url 2016-09-22 14:26:59 +02:00
Garvin Hicking
cfd75ec877 Security patch, see docs/NEWS 2016-09-22 12:51:00 +02:00
Garvin Hicking
c1e4f4c533 Add serendipity_request_url() 2016-09-22 12:35:48 +02:00
Garvin Hicking
6d68ec389d experimental commit to use "content_message" for emitting a default "404 not found" message when redirecting to the blog to indicate 404 view
http://board.s9y.org/viewtopic.php?f=2&t=20861
2016-09-20 10:35:11 +02:00
onli
5108486af3 Remove backend js from preview_iframe in next 2016-09-11 15:38:41 +02:00
onli
f15cb17755 Document recent changes
fallback chain changes, preview fixes, getFile function in plugin api,
frontend-param in smarty {getFile}
2016-09-09 15:12:13 +02:00
onli
acef784f41 Fix: Entry preview using backend entries.tpl 2016-09-09 14:55:29 +02:00
onli
9dfa482a96 Introduce {getFile frontend} param to get frontend files while in backend
This will be mainly needed in preview_iframe.tpl, as it is executed in
the backend but needs files from the frontend theme. See
http://board.s9y.org/viewtopic.php?p=10445987#p10445987
2016-09-08 10:18:27 +02:00
onli
b73dd8bb1e Introduce getFile to the plugin api
Useful to get files (like smiley graphics) from the fallback chain
2016-08-23 00:21:35 +02:00
onli
460b416b7c Make ML work with simplified fallback chain
See 8affa1126a80f045aea61b40c5f449e05b843419
2016-07-29 00:16:37 +02:00
onli
6419df26e0 Improve getTemplateFile performance by avoiding double lookups 2016-07-24 20:22:14 +02:00
onli
8affa1126a Massively simplify fallback chain logic
Should've been tested in the alpha, but given the problems with the preview logic (see http://board.s9y.org/viewtopic.php?f=3&t=20791) I'm convinced we need this now. This mainly reworks serendipity_getTemplateFile to follow a simple scheme on where to look for templates – either in the backend or frontend, based on where we are but overridable, then in the engine, then in the defaultTemplate as fallback.
2016-07-24 20:13:36 +02:00
onli
b5fbccb669 Remove php_value from htaccess, collides with fcgi
See http://board.s9y.org/viewtopic.php?f=3&t=20788
2016-07-19 13:41:36 +02:00
onli
84709381af Fix: Category feed showed all entries 2016-07-03 23:01:17 +02:00
onli
d973e99933 Workaround PHP < 5.6 bug, not verifying certs, stopping Request2
See http://board.s9y.org/viewtopic.php?f=10&t=20773 and #399
2016-06-22 19:42:07 +02:00
onli
02a49c8735 Http/Request2 for ML image download (#399) 2016-05-10 02:52:37 +00:00
onli
d4fe793820 Move importers to Http/Request2 and __construct (#399) 2016-05-10 02:47:22 +00:00
onli
fd90812453 Use Http/Request2 for functions_trackback (#399) 2016-05-10 02:34:28 +00:00
Garvin Hicking
98099b6a02 Improve custom s9y error handling. Will post in issue #399 for details. 2016-05-09 14:34:34 +02:00
onli
73ea0c4b1e Restore session id change on logout (#399) 2016-04-27 18:12:48 +00:00
onli
a8ac90c466 Init php 7 compatibility (#399)
A first approach at fixing s9y for php 7, which makes it possible to
write an entry without any error message. The specific changes are: 1.
__construct for the plugin classes 2. Update Cache Lite to a modern
version to fix its similar constructor problem 3. Remove the
session_regenerate_id call from the session destructor (should get
re-added to session creation where necessary) 4. Remove error handler to
prevent silenced warnings from becoming fatal exceptions
2016-04-26 22:39:11 +00:00
Ian
d78724b4c9 remove $Id$ 2016-04-25 12:13:18 +02:00
onli
32d0a6bf4f Fix: Don't break backend theme box
If the current theme was not the same as the backend theme, but the
backend theme was part of a recommended theme, then that backend theme
would get accidentally removed from the list of themes and thus not set
as the current backend theme, breaking the themes menu
2016-04-20 20:47:57 +00:00