TheRON/core
1
0
Fork 0
mirror of https://framagit.org/hubzilla/core.git synced 2026-06-21 00:52:33 -04:00
Code Issues Packages Projects Releases Wiki Activity
27,727 Commits 3 Branches 151 Tags
fedf60a32c36ab902f25d7a0dc7088b8d9c31bbd
Commit Graph

4269 Commits

Author SHA1 Message Date
Mario Vavti
3bfbc70587 check against null 2022-08-07 14:06:08 +02:00
Mario Vavti
b47dab0ee9 update widget description 2022-08-05 12:45:43 +02:00
Mario Vavti
6eeb033b96 only decode attachment and iconfig for nonresponse activities 2022-08-04 12:42:35 +02:00
Mario
e79668ddf4 fix lang tests if result is ambigous 2022-07-26 15:37:17 +00:00
Mario
dc6b6fc353 add "falsey" test 2022-07-26 15:22:05 +00:00
Mario
c301baafb5 check if the webpages app is installed 2022-07-18 17:52:00 +00:00
Mario
ae705dd865 HQ dashboard - missing files 2022-07-16 14:49:56 +00:00
Mario
d6a9a9927c HQ dashboard - initial checkin 2022-07-15 17:50:02 +00:00
Mario
5e112b395d oembed: implement a max oembed size which defaults to 1MB and do not try to oembed text previews 2022-06-03 08:51:54 +00:00
Mario
50782dfb83 prevent php error and add some doco 2022-05-25 08:34:29 +00:00
Mario
6d00b2e63d bump php version requirement 2022-05-25 08:14:59 +00:00
Mario
3058cbfbb2 categories widgets cleanup 2022-05-24 09:31:30 +00:00
Mario
162d86983a streamline inbound attachment handling and fix regression from issue #1679 2022-05-23 09:26:29 +00:00
Mario
8ba4745097 update to remove core apps (wiki, cards, articles) which have been moved to addons 2022-05-19 08:04:39 +00:00
Mario
940a0c8b10 add a hidden config for the hs2019 http sig algo 2022-05-19 07:36:57 +00:00
Mario
8928b24e23 rendering fixes 2022-05-19 07:22:10 +00:00
Mario
ae9a9191f3 implement starring of pubstream items 2022-05-18 08:47:45 +00:00
Mario
c1dc16a89d make sure we use source.content when rendering events to correctly render observer related content. fix wrong media types. 2022-05-16 20:44:53 +00:00
Mario
66436ce4a2 fix php errors 2022-05-14 19:04:05 +00:00
Mario
304d136437 do not set allowed to true if verb is ACTIVITY_SHARE and slightly changed logic for conv fetches 2022-05-13 19:13:47 +00:00
Mario
1b4268b9b0 do not stringify integer value 2022-05-11 11:52:22 +00:00
Mario
a7968e6525 update queries in mod search - fixes #1677 2022-05-11 11:50:29 +00:00
Mario
e59cc3d404 deal with pleroma reactions 2022-05-10 12:15:29 +00:00
Mario
3a2d126877 use rev instead of _updated and the unix timestamp is less likely to cause issues in the future 2022-05-09 08:27:50 +00:00
Mario
09d929bd56 add the update date to the icon url. some platforms will not update if the icon url remains static 2022-05-07 13:42:14 +00:00
Mario
2ca80118bf more cleanup 2022-05-06 19:10:28 +00:00
Mario
04eb20ac35 some cleanup after moving articles and cards to addons 2022-05-06 14:58:27 +00:00
Mario
f299391aa1 fix core issue #1676 and a liked/disliked/commented confusion 2022-05-06 08:24:17 +00:00
Mario
c334fc9d22 move wiki to addons 2022-05-06 07:29:59 +00:00
Mario
9ada8518dc move articles to addon 2022-05-04 19:26:05 +00:00
Mario
f0c09b374c move cards to addon 2022-05-04 18:46:45 +00:00
Mario Vavti
01e82090b2 hubloc in AS has been moved from data to meta a while ago 2022-04-26 11:07:23 +02:00
Mario Vavti
2d8065a780 whitespace 2022-04-25 21:34:47 +02:00
Mario Vavti
b94da93c74 if we have not been provided a profile id set the profile id to the default profile - fixes #1671 2022-04-25 21:34:05 +02:00
Mario Vavti
376733bd08 fix regression with incoming poll answers from activitypub 2022-04-23 20:52:45 +02:00
Mario Vavti
b2fa63f2c8 move AP addressing to pubcrawl 
(cherry picked from commit 1390e1db39)
 2022-04-07 09:27:12 +02:00
Mario
38d977e546 fixes in regard to hub re-installs: dismiss deleted hublocs, make sure we use the latest hubloc entry for addressing, in Queue::deliver() prefer primaries since their info is probably more accurate 2022-04-01 09:50:12 +00:00
Mario Vavti
29a527426a make sure to set comments_closed to the created date if nocomment is set 2022-03-23 21:08:54 +01:00
Mario
62ac0ff21e streamline comment policy with downstream 2022-03-23 19:01:42 +00:00
Mario
a41c7caa18 Merge branch 'security-fixes-lfi-xss-open-redirect' into 'dev' 
Security fixes

See merge request hubzilla/core!2017
 2022-03-23 18:38:03 +00:00
Harald Eilertsen
b3ca31bce7 CVE-2022-27256: Open redirect via rpath query param. 
Don't follow urls to external sites when submitting forms from the
settings modules. This mitigates an Open Redirect vulnerability where an
attacker could trick a user to go to an attacker controlled destination.

Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
 2022-03-20 15:34:24 +01:00
Harald Eilertsen
d35609f33a CVE-2022-27258: XSS via rpath query param. 
Escape URLs provided by the rpath query param in settings modules. This
prevents a possible Cross-Site scripting vulnerability, where an
attacker could inject web scripts and html into the settings form via
the rpath query parameter, and have a user execute the script by
tricking them to clicking a link.

Fixes part of https://framagit.org/hubzilla/core/-/issues/1666
 2022-03-20 15:34:24 +01:00
Mario
591349ee74 add the signing algo to zotinfo, and store it in import_xchan() if present 2022-03-20 08:58:18 +00:00
Mario
4ffd7587a9 make sure an announce does not overwrite an item we already have and make sure it will be a toplevel post 2022-03-11 20:29:18 +00:00
Mario
c48c62c7a8 whitespace 2022-03-10 11:41:34 +00:00
Mario
9e7fd20ade support for hs2019 2022-03-10 09:44:37 +00:00
Mario
efa1d381ba move attachments to the top 2022-03-05 13:55:16 +00:00
Mario
bee7549a1e fix regression 2022-03-04 16:09:44 +00:00
Mario
db14dbacc9 streamline event activity handling 2022-03-04 15:05:58 +00:00
Mario
b41175e0e2 port some ap quirks from the addon 2022-03-04 09:45:11 +00:00