mirror of https://github.com/e107inc/e107.git synced 2025-10-24 03:06:18 +02:00
Commit Graph

13478 Commits

Author SHA1 Message Date
Cameron
c7dc227e24 Merge pull request #4575 from Deltik/fix/4574
Add index to database session handler for session expiry
2021-09-27 10:30:06 -07:00
Cameron
66d8081580 Added new field to navigation links table: link_rel 2021-09-27 10:22:14 -07:00
Cameron
5fd8fdc92b Fixed e107 v1 to v2 forum migration adding check for deprecated files. Fixed breadcrumb subforum visibility and URL when SEFURL is disabled. 2021-09-26 10:43:33 -07:00
Nick Liu
54ed823aba Add index to database session handler for session expiry
Greatly improves garbage collection performance

Fixes: #4574
2021-09-25 15:15:33 -05:00
Cameron
69d5b49525 Fixed news tag query 2021-09-25 11:43:19 -07:00
Cameron
5cf3f9d57b Fix for news tag links containing spaces. 2021-09-25 10:25:04 -07:00
Cameron
af0b5dcb84 More rel="noopener" and og: changes. 2021-09-25 09:57:18 -07:00
Cameron
5d0db673e3 Moved help tip to correct field. 2021-09-25 09:38:50 -07:00
Cameron
3a241727f8 Keep FB scraper up-to-date with changes. 2021-09-24 13:19:06 -07:00
Cameron
c7be6a57e8 Open-graph improvements in news. 2021-09-24 13:08:45 -07:00
Cameron
fb96bfba39 Option added to use different field for link name. 2021-09-23 15:55:32 -07:00
Cameron
1870431616 Merge pull request #4573 from Deltik/fix/4572
#4572: `e_form`: No `htmlspecialchars()` on "other" attributes
2021-09-23 14:40:53 -07:00
Nick Liu
45bce2a7aa #4572: e_form: No htmlspecialchars() on "other" attributes
Fixes: #4572

Discussion:
https://github.com/e107inc/e107/pull/4554#issuecomment-926113601
2021-09-23 16:12:52 -05:00
Cameron
171cac87b1 Admin-UI type=datestamp and batch=true was producing unexpected results in the batch filter. Now provides an option for setting the current date/time. 2021-09-23 12:37:30 -07:00
Cameron
45bb6c2f35 Custom meta-image option added to Pages. 2021-09-23 12:01:26 -07:00
Cameron
a8ec6435e5 Closes #4567 - jQuery 3 is now the default for the frontend of e107.
To use v2, add the following to e107_config.php: define('e_DEBUG_JQUERY', 2);
2021-09-23 11:02:43 -07:00
Cameron
94c5761893 Updated jQuery3 CDN URL. Reduced some scrollbar widths in admin area. Prevent multiple og:title entries. 2021-09-23 10:41:51 -07:00
Cameron
9c2d7ec2d6 Prevent news item data being overwritten within latestnews_menu 2021-09-22 13:31:37 -07:00
Cameron
79e016a7f6 Using e107::title() will now automatically add an og:title meta value if one isn't already defined. 2021-09-22 12:23:30 -07:00
Cameron
8b2e6b955a Updated define('e_PAGETITLE') to e107::title() 2021-09-22 12:14:24 -07:00
Cameron
34b9e454da Fix for tagcloud word limit. 2021-09-19 11:40:40 -07:00
Cameron
92f6c54c9c Added rel="noopener noreferrer" to XURL links. 2021-09-15 19:52:33 -07:00
Cameron
d0f8f348fe Removed cacheID from cached JS/CSS URLs - now automatically included within filename hash. 2021-09-15 19:25:10 -07:00
Cameron
f669ea9053 Added aria-label to XURL icons. 2021-09-15 19:18:53 -07:00
Cameron
6fa4982d30 Added rel="noopener noreferrer" to external _blank target navigation links. 2021-09-15 12:51:39 -07:00
Cameron
4747ad3c6e Merge pull request #4547 from Deltik/fix/4546
Deprecate `e_parse::toJS()`
2021-09-15 12:18:41 -07:00
Cameron
632f33526f Admin-ui: Fix for delete confirmation popup alert. 2021-09-14 14:15:30 -07:00
Cameron
2682aeaa27 Token checks added. 2021-09-14 13:28:03 -07:00
Cameron
6020de66e1 Issue #4567 - Remove jQuery.once() dependency. 2021-09-13 18:40:19 -07:00
Cameron
48ace946f4 Bootstrap upgraded to v5.1.1 2021-09-13 18:05:35 -07:00
Cameron
5860d23882 Added option to .htaccess to redirect all www. requests. 2021-09-13 13:31:04 -07:00
Nick Liu
c94722e00b #4564: Un-break validatorClass::dbValidateArray() counter
I forgot an `AND` in the `WHERE` clause for the `e_db_pdo`
implementation of `validatorClass::dbValidateArray()`.

Fixes: https://github.com/e107inc/e107/issues/4564
2021-09-13 12:41:26 -05:00
Cameron
036b301c31 Merge pull request #4504 from Jimmi08/patch-27
Add ID to user profile page render()
2021-09-10 14:43:57 -07:00
Cameron
b180ff8757 Merge pull request #4559 from Deltik/fix/4527
Disable `USERTHEME` when `e_MENUMANAGER_ACTIVE`
2021-09-10 14:40:15 -07:00
Cameron
3e52f29087 Merge pull request #4554 from Deltik/php-8.1
PHP 8.1 compatibility
2021-09-10 14:38:31 -07:00
Cameron
834c713eef Fix for e107_media and removal of old files. 2021-09-10 09:25:20 -07:00
Cameron
3844bec9cc Fix for missing LAN 2021-09-10 09:18:04 -07:00
Nick Liu
ca326d5273 Disable USERTHEME when e_MENUMANAGER_ACTIVE
Fixes: https://github.com/e107inc/e107/issues/4527
2021-09-10 09:56:27 +02:00
Cameron
8fc922c126 Make sure font, svg and ico files are gzipped during transfer. 2021-09-09 13:23:13 -07:00
Cameron
f5bb80607a word limit per record added. 2021-09-09 13:20:51 -07:00
Cameron
9163f907bf Erased old deprecated files. 2021-09-06 12:22:25 -07:00
Cameron
daf0008705 Added 'nolist' attribute to e_user.php settings() method for hiding fields within admin/users.php listing. 2021-09-06 12:13:18 -07:00
Tijn Kuyper
ad465ae584 Update SECURITY.md 2021-09-06 21:05:07 +02:00
Tijn Kuyper
b1dbd1744d Created SECURITY.MD file containing security policy 2021-09-06 20:01:22 +02:00
Nick Liu
20882920a0 Fix all PHP 8.1 test failures
* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()`
  or HTML entity encoding of quotation marks, depending on a guess of
  what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types),
  `e_session_db` no longer implements `SessionHandlerInterface`.
  Instead, the alternative non-OOP invocation of
  `session_set_save_handler()` is used instead to apply the session
  handler.
* The shim for `strptime()` still calls the native function if available
  but now suppresses the deprecation warning.

* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to
  maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to
  maintain consistent behavior with past versions of PHP.

* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in
  `validatorClass::dbValidateArray()` without a proper API for avoiding
  SQL injection
2021-09-04 15:06:19 +02:00
Nick Liu
64cd796605 Update test dependencies
Fixes: #4551
2021-09-04 15:08:15 +02:00
Nick Liu
5c355d57a3 CI: Update Debian archive keyring for unmaintained containers 2021-08-31 00:25:17 +02:00
Nick Liu
f6d6d1b185 Deprecate e_parse::toJS()
`e_parse::toJS()`, documented with the description

> Convert text blocks which are to be embedded within JS

, does not protect strings from injections, which appears to be its
primary use.  Additionally, it performs multiple unrelated string
modifications:

* Replace Windows line breaks with a literal `\\n` (which would later be
  parsed as `\n` in JavaScript/JSON)
* Does not modify Unix line breaks (`\n`), which is inconsistent with
  the Windows line break behavior
* Removes HTML tags
* Replaces HTML entities as `htmlentities()` does

This method cannot be fixed because its usages are inconsistent.  Most
notably, some usages surround the method's output in single quotes while
others surround it with double quotes.  Strings cannot be JSON-encoded
without confounding quotation mark styles.

All core usages of `e_parse::toJS()` have been replaced with
alternatives, which are also documented in the method's DocBlock.

Fixes: #4546
2021-08-31 00:11:14 +02:00
Moc
2c44c7602c Fixes #3980 - Remove duplicate random number on contact form
- Already called in secure_img::renderInput();
- Should also fix https://github.com/e107inc/visualcaptcha/issues/5
2021-08-30 20:40:09 +02:00
Cameron
7973e10dea Debug code removal. Rel prev/next added. 2021-08-13 11:53:21 -07:00