214 Commits

Author SHA1 Message Date
azett
264217f318 Fixes #186, possible XSS in comments 2023-01-08 13:04:12 +01:00
azett
516bdc173a check for correct admin referer on delete entry (see #64) 2022-12-30 12:46:35 +01:00
azett
88494f5526 check for correct admin referer on deletefile (see #64) 2022-12-29 15:01:49 +01:00
azett
d8991285c6 added API doc; fixed code formatting 2022-12-29 14:20:31 +01:00
azett
aa10022f48 removed ancient unused file 2022-12-29 13:19:06 +01:00
azett
1c6b423e48 Updated Smarty to 4.3.0. And the FlatPress-specific Smarty plugins now have their own directory, represented by the new constant FP_SMARTYPLUGINS_DIR. 2022-12-11 13:30:29 +01:00
azett
1acedaf149 fixed branch name to "master" 2022-10-11 14:36:23 +02:00
azett
80abe0a55d fixed endless loop in entry overview; fixed PHP warning 2022-10-11 13:43:19 +02:00
azett
e19b78ac13 fixed PHP warnings 2022-10-09 15:56:41 +02:00
azett
1b9022c5f6 fixed some errors occurring in Apache error log - thx laborix 2022-10-09 15:09:55 +02:00
azett
74f75ae40d added replacement function for strftime(), fixes #92 - thx @bohwaz! 2022-10-08 14:58:11 +02:00
azett
c30d52b284 Merge branch 'master' of https://github.com/flatpressblog/flatpress into issue94_smartyupdate
# resolved conflicts:
#	fp-includes/smarty/plugins/function.html_select_date.php
2022-10-08 13:43:33 +02:00
azett
34fb2f3e6b HttpOnly flag for session cookie to prevent possible XSS - thx @melbinkm! 2022-10-01 14:07:54 +02:00
azett
5dd42b0ffa fixes #49 & #91 - basically reverting 9f610ddac3f3a566f7ec672f5741d2314ea63ffc 2022-09-10 14:20:23 +02:00
azett
af1aa7759b Revert "Merge branch 'master' of https://github.com/flatpressblog/flatpress"
This reverts commit e9ad11742876f9f78d743a28afd547ee7480c7f9, reversing
changes made to f30fc6204a6bc7643d7952b1df98a3aa7b462dea.
2022-07-02 13:30:56 +02:00
azett
d4b9f3afee changed branch in version info to "smartyupdate" 2022-06-28 20:56:20 +02:00
azett
d32c6cce3b Merge branch 'master' into issue94_smartyupdate 2022-06-28 20:55:50 +02:00
azett
e49bfe20cc changed branch in version info to "responsiveadmin" 2022-06-28 20:52:30 +02:00
azett
e40b4d944b Added branch name to system version 2022-06-28 20:44:38 +02:00
azett
84723f90a2 Merge branch 'master' into issue94_smartyupdate
# resolved conflicts:
#	fp-includes/smarty/internals/core.rm_auto.php
#	fp-includes/smarty/internals/core.rmdir.php
2022-06-25 12:16:04 +02:00
azett
104096f4f4 Call fs_is_directorycomponent() and fs_is_hidden_file() instead of checking manually 2022-06-24 21:50:57 +02:00
azett
ed8f9e1293 fixes #118: Captions file was shown in Media Manager 2022-06-24 21:47:51 +02:00
azett
c662bc3590 Call fs_is_directorycomponent() and fs_is_hidden_file() instead of checking manually. Also: Path traversal in Media Manager fixed. 2022-06-24 21:42:48 +02:00
azett
28b7066d82 added fs_is_directorycomponent() and fs_is_hidden_file() 2022-06-24 21:03:19 +02:00
azett
51bc4cb120 Merge branch 'master' into issue94_smartyupdate
# Resolved conflicts:
#	fp-includes/core/includes.php
#	fp-plugins/bbcode/plugin.bbcode.php
#	fp-plugins/commentcenter/inc/admin.php
2022-06-18 12:06:34 +02:00
azett
92475a3dd6 Fixed #95: Error at prev link on first / next link on last entry. 2022-06-18 11:45:01 +02:00
azett
db658fac39 Added gallery_fetch_galleries() function 2022-06-16 12:47:03 +02:00
azett
1eb93121d5 added gallery functions 2022-06-16 12:32:12 +02:00
azett
a6e44a8e7f Fixed plugin mgmt template. Also: Fixed empty warning box. 2022-02-06 15:08:09 +01:00
azett
25c1618042 Updated FP-specific Smarty plugin "Admin" to v4 OOP style. Replaced obsolete get_template_vars() calls with getTemplateVars(). 2022-01-29 15:20:42 +01:00
azett
fb43fe3ea9 Updated FP-specific Smarty plugins to v4 OOP style. Moved list_categories plugin to the Smarty plugin folder in order to have it loaded properly. 2022-01-29 14:40:06 +01:00
azett
52bf429a01 Replaced Smarty 2.6.31-dev with v 4.0.4, keeping the FP-specific Smarty plugins.
Updated calls to current Smarty API (register_function()/register_modifier()/register_block() -> registerPlugin(); assign_by_ref() -> assignByRef()).
Fixed file includes in templates with quotes.
Removed SmartyValidate.class.php includes.

Still work in progress as some errors still appear!
2022-01-23 15:02:33 +01:00
azett
562844d4b8 Version push 2021-11-01 14:21:25 +01:00
azett
e2a6bf1a8a Fixed security issue reported by huntr.dev: Session cookie missed the "secure" flag. Thanks for reporting! 2021-10-23 20:25:09 +02:00
azett
14d503dfa9 version bump 2021-06-19 13:57:30 +02:00
azett
9ce0674b57 Let's release version 1.2 "Legato"! \o/
Bumped system version to 1.2, edited changelog accordingly.
2021-03-20 12:21:05 +01:00
azett
e98ee2a6b6 Version bump to 1.2.beta2 2021-02-28 12:15:38 +01:00
azett
27c3e825b3 Fixed Heredoc strings. Turns out, Heredoc syntax - https://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc - only works with closing tags being the first characters of a line. Eclipse's reformatting and indention of the code does not seem to know that^^
Fix: Changed Heredoc strings to "normal" strings.
2021-02-13 13:47:18 +01:00
azett
7e8ddb88b8 Fixed more template errors in order to get everything running with PHP 8.0.
Also: Fixed some tiny PHP errors.
Thanks for reporting, Matthias!
2021-02-13 13:03:09 +01:00
azett
89c0d93543 version bump to "1.2.beta1" 2021-02-07 12:21:53 +01:00
azett
c539c2bb7e Fixed more template errors in order to get everything running with PHP 8.0.
Also: Removed some unneeded code.
2021-01-01 13:25:03 +01:00
azett
83e1644c0f Restored some changes from the last commit. Turns out, the HASHSALT_FILE is still used elsewhere ó_Ò 2020-12-19 19:25:52 +01:00
azett
f265b22b0b Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn!
In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
2020-12-19 14:02:27 +01:00
azett
5a0b7541e7 Getting FlatPress ready for PHP 8: Added a lot of missing checks for undefined variables and array keys in template and PHP files. 2020-12-19 12:52:53 +01:00
barryhughes
27214a5997 Migrate from create_func to native anon func | #67 2020-09-11 11:34:39 -07:00
azett
c1e368b222 Uploader checks for forbidden files more carefully. And: #56 fixed. Thanks again, Matthias! 2020-09-06 12:22:55 +02:00
azett
04900d4154 Optional parameter bug fixed. Deprecated curly braces syntax fixed. Thanks for reporting both, Matthias :) 2020-09-06 11:12:22 +02:00
azett
2139287c05 Fix for #62: Comments weren't sanitized properly. Thanks, @Illevyard! 2020-04-17 12:53:32 +02:00
azett
622a0d80b9 Fixed "syntax error, unexpected '['" bug under PHP 5.3, reported here: https://forum.flatpress.org/viewtopic.php?f=2&t=131 2020-04-15 14:46:55 +02:00
azett
50c11928f6 Fixed "syntax error, unexpected '['" bug under PHP 5.3, reported here: https://forum.flatpress.org/viewtopic.php?f=2&t=131 2020-04-15 14:43:54 +02:00