mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-03-31 18:52:31 +02:00
Code Issues Releases Wiki Activity
13,697 Commits 3 Branches 22 Tags
Commit Graph

13697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Liu
c94722e00b
#4564: Un-break validatorClass::dbValidateArray() counter 
I forgot an `AND` in the `WHERE` clause for the `e_db_pdo`
implementation of `validatorClass::dbValidateArray()`.

Fixes: https://github.com/e107inc/e107/issues/4564
 2021-09-13 12:41:26 -05:00
Cameron
036b301c31
Merge pull request #4504 from Jimmi08/patch-27 
Add ID to user profile page render()
 2021-09-10 14:43:57 -07:00
Cameron
b180ff8757
Merge pull request #4559 from Deltik/fix/4527 
Disable `USERTHEME` when `e_MENUMANAGER_ACTIVE`
 2021-09-10 14:40:15 -07:00
Cameron
3e52f29087
Merge pull request #4554 from Deltik/php-8.1 
PHP 8.1 compatibility
 2021-09-10 14:38:31 -07:00
Cameron
834c713eef Fix for e107_media and removal of old files. 2021-09-10 09:25:20 -07:00
Cameron
3844bec9cc Fix for missing LAN 2021-09-10 09:18:04 -07:00
Nick Liu
ca326d5273
Disable USERTHEME when e_MENUMANAGER_ACTIVE 
Fixes: https://github.com/e107inc/e107/issues/4527
 2021-09-10 09:56:27 +02:00
Cameron
8fc922c126 Make sure font, svg and ico files are gzipped during transfer. 2021-09-09 13:23:13 -07:00
Cameron
f5bb80607a word limit per record added. 2021-09-09 13:20:51 -07:00
Cameron
9163f907bf Erased old deprecated files. 2021-09-06 12:22:25 -07:00
Cameron
daf0008705 Added 'nolist' attribute to e_user.php settings() method for hiding fields within admin/users.php listing. 2021-09-06 12:13:18 -07:00
Tijn Kuyper
ad465ae584
Update SECURITY.md 2021-09-06 21:05:07 +02:00
Tijn Kuyper
b1dbd1744d
Created SECURITY.MD file containing security policy 2021-09-06 20:01:22 +02:00
Nick Liu
20882920a0
Fix all PHP 8.1 test failures 
* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()`
  or HTML entity encoding of quotation marks, depending on a guess of
  what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types),
  `e_session_db` no longer implements `SessionHandlerInterface`.
  Instead, the alternative non-OOP invocation of
  `session_set_save_handler()` is used instead to apply the session
  handler.
* The shim for `strptime()` still calls the native function if available
  but now suppresses the deprecation warning.

* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to
  maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to
  maintain consistent behavior with past versions of PHP.

* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in
  `validatorClass::dbValidateArray()` without a proper API for avoiding
  SQL injection
 2021-09-04 15:06:19 +02:00
Nick Liu
64cd796605
Update test dependencies 
Fixes: #4551
 2021-09-04 15:08:15 +02:00
Nick Liu
5c355d57a3
CI: Update Debian archive keyring for unmaintained containers 2021-08-31 00:25:17 +02:00
Nick Liu
f6d6d1b185
Deprecate e_parse::toJS() 
`e_parse::toJS()`, documented with the description

> Convert text blocks which are to be embedded within JS

, does not protect strings from injections, which appears to be its
primary use.  Additionally, it performs multiple unrelated string
modifications:

* Replace Windows line breaks with a literal `\\n` (which would later be
  parsed as `\n` in JavaScript/JSON)
* Does not modify Unix line breaks (`\n`), which is inconsistent with
  the Windows line break behavior
* Removes HTML tags
* Replaces HTML entities as `htmlentities()` does

This method cannot be fixed because its usages are inconsistent.  Most
notably, some usages surround the method's output in single quotes while
others surround it with double quotes.  Strings cannot be JSON-encoded
without confounding quotation mark styles.

All core usages of `e_parse::toJS()` have been replaced with
alternatives, which are also documented in the method's DocBlock.

Fixes: #4546
 2021-08-31 00:11:14 +02:00
Moc
2c44c7602c
Fixes #3980 - Remove duplicate random number on contact form 
- Already called in secure_img::renderInput();
- Should also fix https://github.com/e107inc/visualcaptcha/issues/5
 2021-08-30 20:40:09 +02:00
Cameron
7973e10dea Debug code removal. Rel prev/next added. 2021-08-13 11:53:21 -07:00
Cameron
f173b59672 Closes #4539 2021-08-13 10:58:42 -07:00
Cameron
b994dd916d Bootstrap upgraded to v5.1.0 2021-08-13 10:03:24 -07:00
Cameron
0c30006b5f Prevent looping of non-existent array. 2021-08-12 11:53:40 -07:00
Cameron
32618817d1 Character counting display added to meta description on admin News and Page inputs. 2021-08-12 11:51:55 -07:00
Cameron
64e705ced0 {SITELINKS_ALT} fix and test. 2021-08-07 12:26:23 -07:00
Nick Liu
ecf6ab7acc
show_emessage("ALERT", …): JSON type enforcement for alert() usages 2021-08-07 18:50:14 +02:00
Cameron
fe8ae40f30 Robot directive removed from default route. 2021-07-26 16:15:55 -07:00
Cameron
95fab15c02 Gsitemap: Display link visibility status while importing. 2021-07-22 13:51:35 -07:00
Cameron
fce00b4276 Gsitemap: Fix for importing navigation links that use a SEF URL configuration. 2021-07-22 12:15:04 -07:00
Nick Liu
7a04260b5f
#4299: Wrap even more potentially undefined constants 
In:
* Admin-UI
* Forums
 2021-07-21 20:23:06 +02:00
Cameron
389a76efe2 Fix for active nav detection while SEF URL in use. 2021-07-15 17:51:08 -07:00
Cameron
ebe9c8cf13 Precaution to avoid fatal error with some admin-ui configurations. Fontello preload code removed. (some cases may use FA instead) 2021-07-15 17:38:39 -07:00
Cameron
04576b9f79 Commented library preload code. 2021-07-14 12:20:57 -07:00
Cameron
099dffdfdd Allow theme to manually control navigation 'active' status with new method: e107::nav('active', [url match]); 2021-07-14 12:18:42 -07:00
Nick Liu
ccf0f037aa
#4299: Wrap more potentially undefined constants 
In:
* Forums
* /e107_admin/menus.php
 2021-07-13 13:10:59 +02:00
Cameron
bc1340af12 Forced WebP caching fix. 2021-07-12 12:27:29 -07:00
Cameron
c941e5b98d Issue #4024 - Pagination url option added to News preferences. Select between 'record' (legacy format eg. page=20, page=40 etc) or 'page' numbers (page=1, page=2 etc). Experimental - requires more testing. 2021-07-06 17:53:55 -07:00
Cameron
36ff7a88be Loading icon was missing from search form button. 2021-06-30 16:42:05 -07:00
Cameron
861d123f2b Fix for PHP8 fatal error on search with checkbox categories. 2021-06-30 16:25:31 -07:00
Nick Liu
a9c2ae3823
Fix #4405: PHP 8 compatibility: redirection::checkMembersOnly() 
To accommodate the change in behavior of strpos()

Fixes: https://github.com/e107inc/e107/issues/4405
 2021-06-27 18:02:39 +02:00
Cameron
3430342d0d PHPMailer upgrade to v6.2.0 2021-06-25 11:47:39 -07:00
Cameron
fd06147900
Merge pull request #4523 from e107inc/dependabot/composer/phpmailer/phpmailer-6.5.0 
Bump phpmailer/phpmailer from 6.4.0 to 6.5.0
 2021-06-25 11:25:30 -07:00
Cameron
7beae22f44 Removed search shortcode parameter limitations. 2021-06-24 16:49:22 -07:00
Cameron
00d584f584 Experimental CSS filtering. 2021-06-24 12:29:47 -07:00
dependabot[bot]
ee74e5ad8f
Bump phpmailer/phpmailer from 6.4.0 to 6.5.0 
Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 6.4.0 to 6.5.0.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.4.0...v6.5.0)

---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-22 15:40:00 +00:00
Cameron
d8f9a96dea Issue #4520 Possible fix for session duration. (testing needed) 2021-06-18 09:44:26 -07:00
Cameron
c4f76c3687 Issue #4270 - perform all webp conversion checks within e_thumbnail class. WebP conversion now works with SEF media URLS. 2021-06-18 09:31:45 -07:00
Cameron
7302803a75 Issue #4270 Added .webp browser-support detection. Media-Manager "Convert to webp during render" can now be safely enabled and will temporarily fallback to the regular image if the browser does not support webp images. 2021-06-18 08:43:53 -07:00
Cameron
a89b58a8a2 Allow users to login when maintenance mode is active and is permitted. 2021-06-15 15:37:45 -07:00
Cameron
d2411404c4 Issue #4299 PHP8 Fix 2021-06-14 17:05:57 -07:00
Cameron
5652fd2bd9
Merge pull request #4515 from Deltik/fix/4512 
#4512: faqs_shortcodes::sc_faq_count(): Return blank string instead of 0
 2021-06-14 16:55:10 -07:00