Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
871 Commits 1 Branch 0 Tags
Commit Graph

871 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
azett
0ee4f2e8a7 fixes #87, possible XSS in config panel 2023-01-08 13:11:22 +01:00
azett
264217f318 Fixes #186, possible XSS in comments 2023-01-08 13:04:12 +01:00
Fraenkiman
180366f88d
Merge branch 'flatpressblog:master' into master 2023-01-01 02:58:50 +01:00
Arvid Zimmermann
8c79821e9e
Update CHANGELOG.md 2022-12-30 12:56:23 +01:00
azett
37597afee8 check for correct admin referer on enable/disable plugin (see #64) 2022-12-30 12:52:03 +01:00
azett
516bdc173a check for correct admin referer on delete entry (see #64) 2022-12-30 12:46:35 +01:00
Fraenkiman
8f57ddf03d Update toolbar.tpl 
The name attribute on the img element is obsolete. Use the id attribute instead.
 2022-12-30 04:50:53 +01:00
Fraenkiman
8ac157cc1b
Merge branch 'flatpressblog:master' into master 2022-12-29 22:16:49 +01:00
Arvid Zimmermann
b6a185f90f
added security researchers 2022-12-29 21:44:23 +01:00
azett
3b39bc6716 added #183 2022-12-29 21:27:53 +01:00
azett
3a32aad0de fixes #183 2022-12-29 21:21:16 +01:00
Fraenkiman
becd7e569a
Merge branch 'flatpressblog:master' into master 2022-12-29 17:06:58 +01:00
azett
88494f5526 check for correct admin referer on deletefile (see #64) 2022-12-29 15:01:49 +01:00
azett
d8991285c6 added API doc; fixed code formatting 2022-12-29 14:20:31 +01:00
azett
aa10022f48 removed ancient unused file 2022-12-29 13:19:06 +01:00
Fraenkiman
19c16493a8 Update admin.static.write.tpl 
Removes unneeded spaces
 2022-12-28 18:02:35 +01:00
azett
2656ad68bc PHP functions used as modifier must be registered as modifier explicitly as of Smarty 4.3 - fixed. 2022-12-28 13:21:51 +01:00
azett
c2ce07be57 more i18n for new comment mail subject 2022-12-28 13:12:59 +01:00
Arvid Zimmermann
a1f7e99486
Merge pull request #181 from Fraenkiman/master 
Please add the following changes
 2022-12-28 13:03:12 +01:00
Fraenkiman
0928ae8a70 PrettyURLS plugin does not prevent directory browsing 
Preventing directory browsing via PrettyURLS plugin when .htaccess is deleted by the user. ...as an addition to #No. 174
 2022-12-26 02:36:47 +01:00
Fraenkiman
fc9bcf45e8 Subject line of email when new comment is not translated 
Added multilingual support for email subject line for new comments
 2022-12-26 02:17:16 +01:00
azett
34ea684565 added #180 2022-12-25 20:37:05 +01:00
azett
229752b510 fixes #180, possible XSS in entry list 2022-12-25 20:32:55 +01:00
Arvid Zimmermann
91857ec800
description changed 2022-12-25 15:05:48 +01:00
Arvid Zimmermann
5483ebc129
added #176 #177 #178 #179 2022-12-25 15:04:45 +01:00
azett
5d5c7f6d8f fixes #179, preventing path traversal 2022-12-25 15:00:06 +01:00
azett
3cc223dec5 fixes #178, possible XSS via uploaded XML & MD files 2022-12-25 14:42:08 +01:00
azett
d3f3294965 fixes #177, possible XSS in Media Manager plugin 2022-12-25 14:32:08 +01:00
azett
e53acdeef3 fixed translation 2022-12-25 14:23:03 +01:00
azett
5f23b4c2ea fixes #176, possible XSS in setup 2022-12-25 14:16:25 +01:00
Arvid Zimmermann
2e7cac5c03
added #174 2022-12-18 13:28:09 +01:00
azett
9c4e5d6567 Added .htaccess to prevent directory browsing. 2022-12-18 13:24:38 +01:00
azett
a91ca486c4 Index can't be backed up if cache needs to be built. Added helpful error message. 2022-12-18 12:51:02 +01:00
azett
69fef257c5 Leggero: Autofocus for username input in login form 2022-12-18 12:22:11 +01:00
azett
d8d7e3b166 PHP functions used as modifier must be registered as modifier explicitly as of Smarty 4.3 - fixed. 2022-12-18 12:20:43 +01:00
azett
571b061adc PHP functions used as modifier must be registered as modifier explicitly as of Smarty 4.3 - fixed. 2022-12-17 20:47:24 +01:00
Arvid Zimmermann
f6ea8304cb
We have a name for release 1.3 :) 2022-12-17 20:02:44 +01:00
Arvid Zimmermann
1a6716971f
added #172 2022-12-17 14:45:42 +01:00
azett
742f8b04f2 added SVG to forbidden file types in order to prevent possible XSS - see https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24588/CVE-2022-24588.pdf 2022-12-17 14:39:15 +01:00
Arvid Zimmermann
c4cc70e7ea
added latest changes 2022-12-17 14:32:55 +01:00
Arvid Zimmermann
2782e1a087
added latest changes 2022-12-17 14:32:17 +01:00
azett
0a7ad2ccb8 fixes #153 - thx laborix! 2022-12-17 14:23:23 +01:00
azett
5ad4647e94 Merge branch 'master' of https://github.com/flatpressblog/flatpress 2022-12-17 13:09:07 +01:00
azett
7d748fe62a fixes #171 - thx! :) 2022-12-17 13:09:00 +01:00
azett
dfa8e3013b fixes #170, thx for reporting! 2022-12-17 12:38:10 +01:00
azett
ba6ce382a5 removed unnecessary line 2022-12-17 12:32:33 +01:00
Arvid Zimmermann
9912982a94
Merge pull request #169 from fabianosantosnet/master 
update some plugins to portuguese
 2022-12-16 19:43:17 +01:00
Fabiano Santos
a3067cf47f update some plugins to portuguese 2022-12-13 22:42:33 -03:00
Arvid Zimmermann
cbc421a4fe
updated Smarty version, removed #132 (-> #158) 2022-12-13 20:18:27 +01:00
azett
fd6818c559 AdminArea plugin: Localized phrase "Login" 2022-12-12 21:11:09 +01:00