5205 Commits

Author SHA1 Message Date
Garvin Hicking
b8897b3250 PHP7 check 2017-04-08 17:01:31 +02:00
Garvin Hicking
86a17f9a2b Register fatal error handler 2017-04-08 15:45:21 +02:00
Garvin Hicking
3e442e73ff Merge pull request #466 from ka7/feature/spelling
spelling fixes
2017-04-07 10:48:11 +02:00
klemens
5a95db314a spelling fixes 2017-04-06 22:26:07 +02:00
Don Chambers
4d8f04d406 Add plugin_dynamicform.tpl to Timeline theme 2017-03-18 09:36:57 -05:00
Matthias Mees
3702139dcf Merge pull request #461 from webcompas/master
Fixed uninitialized Smarty value (fixes #460)
2017-03-14 14:28:04 +01:00
Pascal Uhlmann
8791e8929e Fixed uninitialized Smarty value (fixes s9y/Serendipity#460) 2017-03-14 14:02:33 +01:00
onli
cdf375623d Require token to change theme (fixes #452) 2017-03-02 12:08:05 +01:00
Matthias Mees
d98eaed44c Use https protocol for external assets
Basically 'backporting' e256e658 for preview_iframe.tpl
2017-02-24 09:07:53 +01:00
Matthias Mees
cea0240240 Merge pull request #451 from capturehorizons/patch-1
Update index.tpl
2017-02-24 09:06:03 +01:00
Marcus Seidler
e256e65846 Update index.tpl
Hello s9y,

I have changed three URLs (lines 23, 32, 33) to "https://..." because browsers warn about unsafe content on https domains.

It works on my site "www.seidler.is"

I hope I could help

Greetings, Marcus
2017-02-24 08:28:45 +01:00
Thomas Heidrich
3a7e04c69c improved check quality
!empty verifies that $username has been set with a significant value of any kind; is_string makes sure the type is really what is being expected in the following code.
2017-02-09 23:39:06 +01:00
Thomas Heidrich
e28bbf04d2 avoid HTTP500 crashing when username is an array 2017-02-08 20:19:43 +01:00
onli
381b066344 Merge pull request #447 from gnuheidix/comment_sanitized
some PHP functions expect strings and crash otherwise
2017-02-07 22:16:10 +01:00
onli
9511b9dde5 Merge pull request #446 from gnuheidix/search_term
makes sure that only strings are being processed in searchTerm
2017-02-07 21:15:11 +01:00
Thomas Heidrich
7a0a9e2156 some PHP functions expect strings and crash otherwise 2017-02-07 21:13:51 +01:00
Thomas Heidrich
dd06eeea99 makes sure that only strings are being processed in searchTerm; strip_tags crashes in case it's getting an array 2017-02-07 20:24:33 +01:00
Garvin Hicking
55ec5e4ab4 document, bump 2017-01-30 14:58:52 +01:00
Garvin Hicking
c2cebad52b issue #442 2017-01-30 14:58:37 +01:00
onli
d4d46855c2 Add formtoken to upgrade button 2017-01-26 14:11:54 +01:00
Garvin Hicking
ba6d9ee127 prepare release 2.1-rc1 2017-01-26 11:50:15 +01:00
Garvin Hicking
2b5de12b38 Issue #437 2017-01-26 08:25:06 +01:00
Garvin Hicking
97277cfd1a issue #430 2017-01-26 08:23:17 +01:00
Garvin Hicking
5bf0cf9fea Merge branch 'master' of github.com:s9y/Serendipity 2017-01-26 08:16:22 +01:00
Garvin Hicking
69d8a34c90 document 2017-01-26 08:16:14 +01:00
onli
7e70f91686 Add form token to comment delete link 2017-01-17 11:42:37 +01:00
onli
f947c66f66 Add multiple missing CSRF tokens (#439)
Deleting comments, disabling comment threads, installing plugins, toggling a spartacus update check
2017-01-16 15:32:16 +01:00
Garvin Hicking
c62d667287 * [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)
2017-01-16 11:29:15 +01:00
Garvin Hicking
6285933470 * [Security] Redirection of comment.php now checks the referrer
and only allows the blog's host (thanks to Lee Sheldon Victor)
2017-01-12 12:02:27 +01:00
Garvin Hicking
a48708021c * [Security] Reject %0D/%0A in exit tracking and other places
(Issue #434)
2017-01-03 09:21:25 +01:00
Garvin Hicking
edfc8bcff1 disable selenium test files 2017-01-02 09:42:37 +01:00
Garvin Hicking
4e8c310156 Issue #435, fix missing escaping of HTTP referer to prevent XSS 2017-01-02 09:37:45 +01:00
Garvin Hicking
0c8416f5df Allow setting a default category.
Needs some testing, I am not sure how to solve the case now where "no category" shall be used. It will always fall back to the default category.
Probably if someone uses a default category, that's the intended behaviour?
2016-12-23 10:14:27 +01:00
Garvin Hicking
6b1348a7f1 improve hiding password from recent chrome 2016-12-23 10:13:40 +01:00
Garvin Hicking
fd2f23f3e7 upport security bugfix to escape dbType parameter on first installation (issue #433) 2016-12-19 11:18:10 +01:00
onli
ccfc8c31c2 Merge pull request #432 from gnuheidix/PR_rss_version_parameter
Strict feed template name checking (#431)
2016-12-15 05:31:09 +01:00
Thomas Heidrich
99e9b70c9b Strict feed template name checking (#431)
otherwise requests like /rss.php?version=1 will still crash
2016-12-14 18:19:44 +01:00
onli
e9f98f80f0 Add additional check for allowed feed tpls (#431) 2016-12-14 12:43:50 +01:00
Garvin Hicking
cb03731e90 release 2.1-beta3 2016-11-28 15:51:51 +01:00
Garvin Hicking
e2a665e13b Sync changes 2016-11-28 15:34:10 +01:00
Garvin Hicking
dc3eb1e735 Merge branch 'master' of github.com:s9y/Serendipity 2016-11-02 12:18:58 +01:00
Garvin Hicking
26de428c18 Enhanced media upload check to also check redirects for local files, thanks to Xu Yue (again!) 2016-11-02 12:18:49 +01:00
Matthias Mees
f06aeb2340 Update docs files
- Added correct URL to new website to INSTALL
- Adapted body copy in README
- Reformatted both files so they would pass as Markdown if needed
2016-10-28 11:41:53 +02:00
Matthias Mees
309cf8e9a6 Catch up German core translation 2016-10-27 23:24:42 +02:00
Matthias Mees
5ed6ace0f5 Adapt README text to copy on s9y.org 2016-10-27 14:34:40 +02:00
Matthias Mees
090c212d09 Fix maintenance message spacing 2016-10-26 15:23:03 +02:00
Matthias Mees
7b354c1cf7 Fix layout error w/ maintenance messages 2016-10-26 15:21:22 +02:00
Matthias Mees
69f5515ea3 Remove stray aria-hidden attribute 2016-10-26 15:19:43 +02:00
Matthias Mees
eda47a1ffc Fix misplaced aria attribute 2016-10-26 15:16:09 +02:00
Matthias Mees
a81c480d5e Document my recent changes, oops 2016-10-26 11:35:31 +02:00