69b1958483
Fix " Call to undefined method Friendica\App::getLoggedInUserNickname"
2024-05-15 06:15:50 +00:00
60f5fd8188
Many deprecated function calls are replaced
2024-05-13 21:37:15 +00:00
c041c65c1d
Comstants for features
2024-03-24 14:48:23 +00:00
5c5d7eb04f
Fix several vulnerabilities ( #13927 )
...
* Escape HTML in the location field of a calendar event post
- This allowed script tags to be interpreted in the post display of an event.
* Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
* Add form security token check to /babel module
- This prevents basic XSS attacks against /babel
* Prevent pass-through for attachments
- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload
* Prevent overwriting cid on event edit
- This allowed to share an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
89e7420237
Friendica copyright changed from 2023 to 2034
2024-01-02 20:57:26 +00:00
81279dad9e
Move System::jsonExit to BaseModule->jsonExit
...
- This will ensure headers set in BaseModule->run will be carried in jsonExit scenarios
- Deprecate jsonExit() method in Core\System
2023-09-24 07:08:15 -04:00
da1416c07f
Move System::httpExit to BaseModule->httpExit
...
- This will ensure headers set in BaseModule->run will be carried in httpExit scenarios
- Deprecate httpExit() method in Core\System
2023-09-24 07:08:15 -04:00
4f7740264e
Replace "group" with "circle" in the rest of the code
...
- Remaining mentions already mean "forum"
2023-05-27 22:01:45 -04:00
323765110c
Enable calendar export for public_calendar = true
2023-01-14 10:39:18 -05:00
1874a32728
Happy New Year 2023!
2023-01-01 09:36:24 -05:00
9115ec5f0d
Adjust class references to the new location
2022-12-30 21:20:28 +00:00
777afb45fc
Apply calendar owner custom theme
2022-12-15 23:14:45 -05:00
a0752b1161
Escape HTML in event mapping callback
...
- This prevents arbitrary Javascript from being executed from the calendar view
2022-12-04 06:37:37 -05:00
2f42606c43
Add information about BBCode availability in event fields
2022-12-04 06:37:37 -05:00
349436a77a
Fix event start time not being properly converted to UTC
...
- This was triggering unexpected time comparison errors
2022-12-04 06:37:36 -05:00
1b71b963d7
Fix description not being populated in event form when there's a validation error
2022-12-04 06:37:36 -05:00
84b2a35e05
Add new public_calendar additional feature
...
- This gives anonymous access to public events
2022-12-01 08:06:07 -05:00
b83526ad0b
Tighten profile restriction feature
...
- Prevent feed access to restricted profiles
- Rework display of restricted profiles with a redirect to the profile/restricted route
- Normalize permission checking with IHandleUserSession->isAuthenticated
- Remove unusable "nocache" parameter in feed module because session isn't initialized
- Reword setting name and description
2022-12-01 08:03:35 -05:00
0d53c69610
Remove unused theme info value "events_in_profile"
...
All public events (event if they are ownded by other users) are visible
2022-12-01 08:03:34 -05:00
bb97776dfb
The last PHPCS error ..
2022-11-07 20:35:07 +01:00
d524f55e3e
Reduce error-throws :-)
2022-11-07 20:34:05 +01:00
a81708091f
Make PHPCS happy
2022-11-07 20:32:55 +01:00
2da2ac6826
make PHP CS happy?
2022-11-07 20:28:08 +01:00
78a8ed6fe7
adhere feedback
2022-11-07 20:21:11 +01:00
f13c91b320
Move mod/cal.php and mod/events.php to Module
2022-11-07 19:52:24 +01:00
89fde911f9
Fix possible security issue
2022-11-07 19:52:13 +01:00
7c4a7bff2e
Move new events routes to calendar routes
2022-11-02 15:16:24 +01:00
Michael
Hypolite Petovan
Philipp