1403 Commits

Author SHA1 Message Date
onli
f89a5aa0f7 Make comment subscription with full text the default ()
Cherry-picked from master.

Signed-off-by: Thomas Hochstein <thh@inter.net>
2018-09-30 12:13:51 +02:00
onli
b968138dc3 React to errors when comment could not be deleted ()
Cherry-picked from master.

Signed-off-by: Thomas Hochstein <thh@inter.net>
2018-09-30 12:13:46 +02:00
Garvin Hicking
9796c17326 Backport 2018-09-18 15:29:47 +02:00
Garvin Hicking
c930c6f331 Backport 2018-09-18 15:28:58 +02:00
Garvin Hicking
af9f21cda2 Another cast for safety 2018-07-19 09:28:52 +02:00
Garvin Hicking
1455842192 Cherrypick: Security fixes 2018-07-19 09:27:58 +02:00
Garvin Hicking
5d2fcfa6a4 backport 2018-04-23 12:02:17 +02:00
Mario Hommel
e3664e4aaf Fix variable name in hook backend_sendcomment 2018-03-25 08:02:50 +02:00
Garvin Hicking
a299ec6449 Proper constant check 2018-01-10 11:20:58 +01:00
Thomas Hochstein
a6ca674484 Fix display of messages for comment editing.
All messages and errors were appended to $msg
and $errormsg, respectively, creating one long
unformatted string - mostly unreadable.

So we make $msg and $errormsg arrays instead
and iterate over those arrays in the template,
displaying each message separately.

Fixes .

Signed-off-by: Thomas Hochstein <thh@inter.net>
2017-12-17 19:16:25 +01:00
Immo Goltz
35d5de65b2 Add template path as first entry to template_dirs.
Fixes  and .

Cherry-picked from master.

Signed-off-by: Thomas Hochstein <thh@inter.net>
2017-08-02 23:10:12 +02:00
Garvin Hicking
5871f698eb Exclude documentation from rewrites in .htaccess
* Change .htaccess default rules.
* Add an upgrader task.

Fixes issue .

Cherry-picked and rebased from master.

Signed-off-by: Thomas Hochstein <thh@inter.net>
2017-07-23 20:36:12 +02:00
Thomas Hochstein
81adf62790 Display ChangeLog in plugin lists (if available).
Code was using wrong file path variable for checking
the presence of a ChangeLog file.

Cherry-picked from master.

Signed-off-by: Thomas Hochstein <thh@inter.net>
2017-07-23 20:35:59 +02:00
Thomas Hochstein
5b3116a201 Fix comment preview for logged-in user.
Comment form data was unconditionally overwritten
by user data. Make that conditional ...

Fixes issue 487.

Cherry-picked from master.

Signed-off-by: Thomas Hochstein <thh@inter.net>
2017-05-20 23:04:28 +02:00
Garvin Hicking
701ebe442d Revert this for the release, re-introduce later 2017-04-09 09:35:14 +02:00
Garvin Hicking
8fee805ca1 Prepare release 2.1.1 2017-04-09 09:15:55 +02:00
Thomas Hochstein
c3dfe61b57 Fix broken compat layer.
Partially revert 7a0a9e215600284eb5aeea201d79563368f4c45b

serendipity_specialchars() and others were made to
return "" when fed something that is not a string.
So boolean values (1 or TRUE) will be returned as "",
i.e. FALSE, breaking the blog in interesting ways
(i.e. displaying wrong configuration values and
saving them to the database).

Closes .

Signed-off-by: Thomas Hochstein <thh@inter.net>
2017-04-09 00:49:10 +02:00
Garvin Hicking
7832c364d7 IteratorIteratorIteratorIterator iterated iteration fix. To understand iteration, you first need to understand recursion and iteration and iteration and iteration and iteration. 2017-04-08 17:38:47 +02:00
Garvin Hicking
b8897b3250 PHP7 check 2017-04-08 17:01:31 +02:00
Garvin Hicking
86a17f9a2b Register fatal error handler 2017-04-08 15:45:21 +02:00
klemens
5a95db314a spelling fixes 2017-04-06 22:26:07 +02:00
onli
cdf375623d Require token to change theme (fixes ) 2017-03-02 12:08:05 +01:00
Thomas Heidrich
7a0a9e2156 some PHP functions expect strings and crash otherwise 2017-02-07 21:13:51 +01:00
Garvin Hicking
2b5de12b38 Issue 2017-01-26 08:25:06 +01:00
onli
7e70f91686 Add form token to comment delete link 2017-01-17 11:42:37 +01:00
onli
f947c66f66 Add multiple missing CSRF tokens ()
Deleting comments, disabling comment threads, installing plugins, toggling a spartacus update check
2017-01-16 15:32:16 +01:00
Garvin Hicking
c62d667287 * [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)
2017-01-16 11:29:15 +01:00
Garvin Hicking
a48708021c * [Security] Reject %0D/%0A in exit tracking and other places
(Issue )
2017-01-03 09:21:25 +01:00
Garvin Hicking
4e8c310156 Issue , fix missing escaping of HTTP referer to prevent XSS 2017-01-02 09:37:45 +01:00
Garvin Hicking
0c8416f5df Allow setting a default category.
Needs some testing, I am not sure how to solve the case now where "no category" shall be used. It will always fall back to the default category.
Probably if someone uses a default category, that's the intended behaviour?
2016-12-23 10:14:27 +01:00
Garvin Hicking
fd2f23f3e7 upport security bugfix to escape dbType parameter on first installation (issue ) 2016-12-19 11:18:10 +01:00
Garvin Hicking
e2a665e13b Sync changes 2016-11-28 15:34:10 +01:00
Garvin Hicking
dc3eb1e735 Merge branch 'master' of github.com:s9y/Serendipity 2016-11-02 12:18:58 +01:00
Garvin Hicking
26de428c18 Enhanced media upload check to also check redirects for local files, thanks to Xu Yue (again!) 2016-11-02 12:18:49 +01:00
Matthias Mees
7410465496 Improve accessibility of iconfont icons
Iconfont icons are of no value to screenreader users; in our case,
they get alternative text. By adding 'aria-hidden="true"' to the
<span> holding the iconfont icon, we avoid the screenreader trying
to announce the iconfont icon.
2016-10-26 11:29:25 +02:00
onli
d9b1baab76 Further improve theme ordering
Stabilizes output of the recommended themes
2016-10-10 18:43:03 +02:00
onli
196c3becb2 Order themes by their shown name 2016-10-10 18:36:44 +02:00
Garvin Hicking
846dbbeb85 Merge branch 'master' of github.com:s9y/Serendipity 2016-09-26 09:45:37 +02:00
onli
eedd984e0d improve cgi detection to use custom htaccess
See http://board.s9y.org/viewtopic.php?f=3&t=20788
2016-09-25 16:54:09 +02:00
Garvin Hicking
06e33c5421 Merge branch 'master' of github.com:s9y/Serendipity 2016-09-25 15:30:10 +02:00
Garvin Hicking
4aaa9845eb Add header API 2016-09-22 15:38:12 +02:00
Garvin Hicking
d60a7da9c3 support http auth 2016-09-22 15:34:27 +02:00
Garvin Hicking
20ade83792 allow arrays 2016-09-22 14:33:52 +02:00
Garvin Hicking
80f3b39502 forward compatibility to serendipity_request_url 2016-09-22 14:26:59 +02:00
Garvin Hicking
cfd75ec877 Security patch, see docs/NEWS 2016-09-22 12:51:00 +02:00
Garvin Hicking
c1e4f4c533 Add serendipity_request_url() 2016-09-22 12:35:48 +02:00
Garvin Hicking
6d68ec389d experimental commit to use "content_message" for emitting a default "404 not found" message when redirecting to the blog to indicate 404 view
http://board.s9y.org/viewtopic.php?f=2&t=20861
2016-09-20 10:35:11 +02:00
onli
5108486af3 Remove backend js from preview_iframe in next 2016-09-11 15:38:41 +02:00
onli
f15cb17755 Document recent changes
fallback chain changes, preview fixes, getFile function in plugin api,
frontend-param in smarty {getFile}
2016-09-09 15:12:13 +02:00
onli
acef784f41 Fix: Entry preview using backend entries.tpl 2016-09-09 14:55:29 +02:00