Fraenkiman
3c9cc69364
Prevents upload of files with .xsig extension
...
Fixes Vulnerability Stored XSS #217
2023-07-29 13:12:30 +02:00
azett
f6394eac7a
fixes #188
2023-01-08 13:24:41 +01:00
azett
3cc223dec5
fixes #178, possible XSS via uploaded XML & MD files
2022-12-25 14:42:08 +01:00
azett
742f8b04f2
added SVG to forbidden file types in order to prevent possible XSS - see https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24588/CVE-2022-24588.pdf
2022-12-17 14:39:15 +01:00
azett
dfa8e3013b
fixes #170, thx for reporting!
2022-12-17 12:38:10 +01:00
azett
92c0b2a517
Bugfix: Checking uploaded files' extensions looked for the tmp file name, not the actual file name. Fixes #152 as well - thanks @s4n-h4xor!
2022-10-01 13:33:34 +02:00
azett
af1aa7759b
Revert "Merge branch 'master' of https://github.com/flatpressblog/flatpress"
...
This reverts commit e9ad11742876f9f78d743a28afd547ee7480c7f9, reversing
changes made to f30fc6204a6bc7643d7952b1df98a3aa7b462dea.
2022-07-02 13:30:56 +02:00
azett
6eaafee1fa
Merge branch 'master' into responsiveadmin
...
# resolved conflicts:
# admin/panels/config/admin.config.tpl
# admin/panels/entry/admin.entry.commentlist.tpl
# fp-plugins/commentcenter/tpls/deletecomm.tpl
# fp-plugins/commentcenter/tpls/editpol.tpl
2022-06-27 19:24:18 +02:00
azett
fd9aea911d
First part of #114: Error msg on uploading a forbidden file. Thx laborix!
2022-06-19 12:37:56 +02:00
franciscoarocas
8e2fc93d8a
Merge branch 'master' into responsiveadmin
2021-02-08 15:37:07 +01:00
azett
22abda2369
Fixed more template errors in order to get everything running with PHP 8.0.
...
Also: Change in language files, widget management is no longer called "experimental".
2021-01-01 12:57:46 +01:00
franciscoarocas
4a711c40cb
Update admin.uploader.tpl
2021-01-01 03:23:42 +01:00
Francisco
12354e7292
Fixed, uploaderFiles doesn't show all namesFiles in all uploadersInputs
2020-09-14 13:15:42 +01:00
Francisco
6259440e34
File Manager only shows images and attachs. FileUpload namefile fixed.
2020-09-14 12:45:42 +01:00
azett
c1e368b222
Uploader checks for forbidden files more carefully. And: #56 fixed. Thanks again, Matthias!
2020-09-06 12:22:55 +02:00
Francisco
3eb02b0509
Merged
2020-07-11 15:18:33 +01:00
azett
082c113d67
Security: PHP files can not be uploaded any more - see https://www.exploit-db.com/exploits/39870
2018-12-31 15:13:49 +01:00
azett
d8de4bfb02
Replaced some more class-named constructors (and calls to them).
...
Removed unused and/or commented code.
Replaced calls to deprecated each() with array_shift() (not completely done yet, still some more to fix!).
Replaced call to deprecated create_function() with real callback function.
2018-10-03 13:53:40 +02:00
real_nowhereman
a5d37a6602
2009-12-17 17:52:49 +00:00
real_nowhereman
a68630bf35
First revision of FlatPress Crescendo+1 ( 0.703+n :) )
2007-10-30 10:30:07 +00:00