Fraenkiman 9837c76692 Hardens FlatPress via HTTP response header
Fixes #146

Can be optionally activated by the FlatPress admin

 * Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources for approved content, you can prevent the browser from loading malicious content.
 * Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
 * HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
 * The X-Download-Options response header instructs the browser not to open the file directly but to offer it for download first. This mitigates some potential Social Engineering attacks.
 * HTTP Strict Transport Security (HSTS for short) is a security mechanism for HTTPS connections that protects against both connection encryption downgrade attacks and session hijacking.
 * The referrer policy directive determines whether, and if so which, referrer information for requests triggered by the current web page is sent by the web browser in HTTP requests.
2023-03-01 00:59:25 +01:00
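
An added example, not part of the commit or of FlatPress's own code: a small audit that checks a raw HTTP response for the five headers the commit message lists and flags weak values. The HSTS threshold, the weak-value rules and the sample response are assumptions made for this example.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # 180 days; an assumed threshold, not a FlatPress setting
WEAK_CSP_SOURCES = ("*", "'unsafe-inline'", "'unsafe-eval'")
LEAKY_REFERRER = ("unsafe-url", "no-referrer-when-downgrade")

def parse_headers(raw):
    """Parse a raw response header block into {lowercased name: value}."""
    pairs = (line.partition(":") for line in raw.strip().splitlines()[1:])  # skip status line
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def audit(raw, https=True):
    """Return sorted findings for the five headers the commit message lists."""
    h, findings = parse_headers(raw), []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("content-security-policy: missing")
    else:
        for directive in csp.split(";"):
            name, *sources = directive.split() or [""]
            if name.lower() in ("default-src", "script-src"):
                findings += [f"content-security-policy: {name} allows {s}"
                             for s in sources if s.lower() in WEAK_CSP_SOURCES]
    if https:  # browsers ignore HSTS received over plain HTTP
        hsts = h.get("strict-transport-security")
        age = re.search(r"max-age=\"?(\d+)", hsts or "", re.I)
        if hsts is None:
            findings.append("strict-transport-security: missing")
        elif not age or int(age.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("strict-transport-security: max-age too short")
    if h.get("x-download-options", "").lower() != "noopen":
        findings.append("x-download-options: missing or not noopen")
    ref = h.get("referrer-policy")
    # In a comma-separated fallback list the last recognized value applies;
    # this example simply inspects the last entry.
    if ref is None:
        findings.append("referrer-policy: missing")
    elif ref.split(",")[-1].strip().lower() in LEAKY_REFERRER:
        findings.append("referrer-policy: sends full URLs cross-origin")
    if "permissions-policy" not in h:
        findings.append("permissions-policy: missing")
    return sorted(findings)

# Constructed sample response, not captured from a FlatPress site.
SAMPLE = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Strict-Transport-Security: max-age=3600
X-Download-Options: noopen
Referrer-Policy: strict-origin-when-cross-origin
"""
```

Calling `audit(SAMPLE)` reports the `'unsafe-inline'` script source, the missing Permissions-Policy header and the short HSTS lifetime; pass `https=False` when the response was fetched over plain HTTP so HSTS is not counted as missing.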


Welcome to FlatPress!

FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, just PHP. No database needed!

Features

  • Independent, standard-compliant blog software
  • Works on files, no database
  • Easy to set up, easy to back up
  • Powerful plugin system with widget support
  • Easy to customize with themes, powered by Smarty
  • Comments function with spam protection
  • Free software under GNU GPLv2

Getting started

Installing and running FlatPress is really easy:

  • Download FlatPress, unzip, upload
  • Browse to your web server, run the simple FlatPress installer
  • Enjoy blogging with FlatPress!

Help and support

Visit our wiki to learn everything about blogging with FlatPress, how to work with themes and plugins and where to find them. The wiki also has the General FAQ and the Tech FAQ.

Ask your questions, show off your FlatPress blog and meet fellow FlatPressers at the support forum.

Requirements

FlatPress runs on any web server (e.g. Apache or IIS) with PHP 7.1 to PHP 8.1 (more details on the wiki). Since all data is stored in files, no database is needed.

Credits

There are many people who contributed to FlatPress over the years. See them here.
