1488 Commits

Author SHA1 Message Date
Garvin Hicking
7832c364d7 IteratorIteratorIteratorIterator iterated iteration fix. To understand iteration, you first need to understand recursion and iteration and iteration and iteration and iteration. 2017-04-08 17:38:47 +02:00
Garvin Hicking
b8897b3250 PHP7 check 2017-04-08 17:01:31 +02:00
Garvin Hicking
86a17f9a2b Register fatal error handler 2017-04-08 15:45:21 +02:00
klemens
5a95db314a spelling fixes 2017-04-06 22:26:07 +02:00
onli
cdf375623d Require token to change theme (fixes #452) 2017-03-02 12:08:05 +01:00
Thomas Heidrich
3a7e04c69c improved check quality
!empty verifies that $username has been set with a significant value of any kind; is_string makes sure the type is really what is being expected in the following code.
2017-02-09 23:39:06 +01:00
Thomas Heidrich
e28bbf04d2 avoid HTTP500 crashing when username is an array 2017-02-08 20:19:43 +01:00
Thomas Heidrich
7a0a9e2156 some PHP functions expect strings and crash otherwise 2017-02-07 21:13:51 +01:00
Garvin Hicking
2b5de12b38 Issue #437 2017-01-26 08:25:06 +01:00
onli
7e70f91686 Add form token to comment delete link 2017-01-17 11:42:37 +01:00
onli
f947c66f66 Add multiple missing CSRF tokens (#439)
Deleting comments, disabling comment threads, installing plugins, toggling a spartacus update check
2017-01-16 15:32:16 +01:00
Garvin Hicking
c62d667287 * [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)
2017-01-16 11:29:15 +01:00
Garvin Hicking
a48708021c * [Security] Reject %0D/%0A in exit tracking and other places
(Issue #434)
2017-01-03 09:21:25 +01:00
Garvin Hicking
4e8c310156 Issue #435, fix missing escaping of HTTP referer to prevent XSS 2017-01-02 09:37:45 +01:00
Garvin Hicking
0c8416f5df Allow setting a default category.
Needs some testing, I am not sure how to solve the case now where "no category" shall be used. It will always fall back to the default category.
Probably if someone uses a default category, that's the intended behaviour?
2016-12-23 10:14:27 +01:00
Garvin Hicking
fd2f23f3e7 upport security bugfix to escape dbType parameter on first installation (issue #433) 2016-12-19 11:18:10 +01:00
Garvin Hicking
e2a665e13b Sync changes 2016-11-28 15:34:10 +01:00
Garvin Hicking
dc3eb1e735 Merge branch 'master' of github.com:s9y/Serendipity 2016-11-02 12:18:58 +01:00
Garvin Hicking
26de428c18 Enhanced media upload check to also check redirects for local files, thanks to Xu Yue (again!) 2016-11-02 12:18:49 +01:00
Matthias Mees
7410465496 Improve accessibility of iconfont icons
Iconfont icons are of no value to screenreader users; in our case,
they get alternative text. By adding 'aria-hidden="true"' to the
<span> holding the iconfont icon, we avoid the screenreader trying
to announce the iconfont icon.
2016-10-26 11:29:25 +02:00
onli
d9b1baab76 Further improve theme ordering
Stabilizes output of the recommended themes
2016-10-10 18:43:03 +02:00
onli
196c3becb2 Order themes by their shown name 2016-10-10 18:36:44 +02:00
Garvin Hicking
846dbbeb85 Merge branch 'master' of github.com:s9y/Serendipity 2016-09-26 09:45:37 +02:00
onli
eedd984e0d improve cgi detection to use custom htaccess
See http://board.s9y.org/viewtopic.php?f=3&t=20788
2016-09-25 16:54:09 +02:00
Garvin Hicking
06e33c5421 Merge branch 'master' of github.com:s9y/Serendipity 2016-09-25 15:30:10 +02:00
Garvin Hicking
4aaa9845eb Add header API 2016-09-22 15:38:12 +02:00
Garvin Hicking
d60a7da9c3 support http auth 2016-09-22 15:34:27 +02:00
Garvin Hicking
20ade83792 allow arrays 2016-09-22 14:33:52 +02:00
Garvin Hicking
80f3b39502 forward compatibility to serendipity_request_url 2016-09-22 14:26:59 +02:00
Garvin Hicking
cfd75ec877 Security patch, see docs/NEWS 2016-09-22 12:51:00 +02:00
Garvin Hicking
c1e4f4c533 Add serendipity_request_url() 2016-09-22 12:35:48 +02:00
Garvin Hicking
6d68ec389d experimental commit to use "content_message" for emitting a default "404 not found" message when redirecting to the blog to indicate 404 view
http://board.s9y.org/viewtopic.php?f=2&t=20861
2016-09-20 10:35:11 +02:00
onli
5108486af3 Remove backend js from preview_iframe in next 2016-09-11 15:38:41 +02:00
onli
f15cb17755 Document recent changes
fallback chain changes, preview fixes, getFile function in plugin api,
frontend-param in smarty {getFile}
2016-09-09 15:12:13 +02:00
onli
acef784f41 Fix: Entry preview using backend entries.tpl 2016-09-09 14:55:29 +02:00
onli
9dfa482a96 Introduce {getFile frontend} param to get frontend files while in backend
This will be mainly needed in preview_iframe.tpl, as it is executed in
the backend but needs files from the frontend theme. See
http://board.s9y.org/viewtopic.php?p=10445987#p10445987
2016-09-08 10:18:27 +02:00
onli
b73dd8bb1e Introduce getFile to the plugin api
Useful to get files (like smiley graphics) from the fallback chain
2016-08-23 00:21:35 +02:00
onli
460b416b7c Make ML work with simplified fallback chain
See 8affa1126a80f045aea61b40c5f449e05b843419
2016-07-29 00:16:37 +02:00
onli
6419df26e0 Improve getTemplateFile performance by avoiding double lookups 2016-07-24 20:22:14 +02:00
onli
8affa1126a Massively simplify fallback chain logic
Should've been tested in the alpha, but given the problems with the preview logic (see http://board.s9y.org/viewtopic.php?f=3&t=20791) I'm convinced we need this now. This mainly reworks serendipity_getTemplateFile to follow a simple scheme on where to look for templates – either in the backend or frontend, based on where we are but overridable, then in the engine, then in the defaultTemplate as fallback.
2016-07-24 20:13:36 +02:00
onli
b5fbccb669 Remove php_value from htaccess, collides with fcgi
See http://board.s9y.org/viewtopic.php?f=3&t=20788
2016-07-19 13:41:36 +02:00
onli
84709381af Fix: Category feed showed all entries 2016-07-03 23:01:17 +02:00
onli
d973e99933 Workaround PHP < 5.6 bug, not verifying certs, stopping Request2
See http://board.s9y.org/viewtopic.php?f=10&t=20773 and #399
2016-06-22 19:42:07 +02:00
onli
02a49c8735 Http/Request2 for ML image download (#399) 2016-05-10 02:52:37 +00:00
onli
d4fe793820 Move importers to Http/Request2 and __construct (#399) 2016-05-10 02:47:22 +00:00
onli
fd90812453 Use Http/Request2 for functions_trackback (#399) 2016-05-10 02:34:28 +00:00
Garvin Hicking
98099b6a02 Improve custom s9y error handling. Will post in issue #399 for details. 2016-05-09 14:34:34 +02:00
onli
73ea0c4b1e Restore session id change on logout (#399) 2016-04-27 18:12:48 +00:00
onli
a8ac90c466 Init php 7 compatibility (#399)
A first approach at fixing s9y for php 7, which makes it possible to
write an entry without any error message. The specific changes are:
1. __construct for the plugin classes
2. Update Cache Lite to a modern version to fix its similar constructor problem
3. Remove the session_regenerate_id call from the session destructor (should get re-added to session creation where necessary)
4. Remove error handler to prevent silenced warnings from becoming fatal exceptions
2016-04-26 22:39:11 +00:00
Ian
d78724b4c9 remove $Id$ 2016-04-25 12:13:18 +02:00