Age | Commit message | Author | Files | Lines
2016-07-04 | Harden XSS escaping | Florian Pritz | 2 | -3/+3
This could lead to XSS if the html attribute values weren't quoted with double quotes. By default htmlentities only encodes double quotes and not single quotes. If the quotes are ever changed this could lead to exploitable XSS.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-04 | file/history: Add support to display preview of entries on hover | Florian Pritz | 4 | -1/+28
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-04 | doc/api/user.md: Document introduction of user/delete_apikey | Florian Pritz | 1 | -0/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-04 | doc/api.md: Add overview of API versions | Florian Pritz | 1 | -0/+13
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-04 | Update API v2 version info to 2.1.0 | Florian Pritz | 1 | -1/+1
The documentation already refers to 2.1.0 and lists a new feature of the file/history endpoint, but requests for 2.1.0 are not yet accepted because the server doesn't know that it actually supports this version.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-04 | Ensure popovers do not render outside of the page | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-04 | Fix display issues with new bootstrap | Florian Pritz | 6 | -13/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-07-04 | Update to bootstrap 3.3.6 | Florian Pritz | 12 | -225/+10037
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-16 | Remove old TODO | Florian Pritz | 1 | -1/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-16 | Update News [0.9.14] | Florian Pritz | 1 | -0/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-16 | NEWS: Fix typo | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-16 | post-merge: Update git submodules after pulling | Florian Pritz | 1 | -0/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-16 | Update NEWS [0.9.13] | Florian Pritz | 1 | -0/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-12 | README: Mention github PRs [0.9.12] | Florian Pritz | 1 | -0/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-12 | README: Drop bugtracker notice | Florian Pritz | 1 | -2/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-12 | Switch to PHP based markdown renderer (parsedown) | Florian Pritz | 7 | -170/+10
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-09 | doc/setup.md: Point to INSTALL | Florian Pritz | 1 | -3/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-09 | Use PHP library for QR codes | Florian Pritz | 7 | -11/+12
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-09 | Autoloader: Support PSR-4 style namespace/directory mapping | Florian Pritz | 1 | -8/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | NEWS: Fix typo | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | Drop old README | Florian Pritz | 1 | -6/+0
README.md now has all the information.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | README.md: Fix some links | Florian Pritz | 1 | -5/+5
Replace https/// with https://
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | README.md: Add link to doc dir | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | doc/api.md: Restructure error handling description | Florian Pritz | 1 | -42/+40
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | doc/api.md: Add TOC | Florian Pritz | 1 | -0/+13
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | doc/api.md: Update references to endpoint documentation | Florian Pritz | 1 | -6/+10
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | doc/api/file.md: Fix heading level and add TOC | Florian Pritz | 1 | -5/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | doc/api/user.md: Fix heading level and add TOC | Florian Pritz | 1 | -3/+10
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | doc: Fix some tables rendering incorrectly on github | Florian Pritz | 2 | -19/+18
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | doc: Import documentation from wiki | Florian Pritz | 5 | -0/+600
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | file/download: Delete invalid multipastes | Florian Pritz | 1 | -0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-07 | mmultipaste->valid_id: Detect empty multipastes as invalid | Florian Pritz | 1 | -0/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-05 | Update NEWS [0.9.11] | Florian Pritz | 1 | -0/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-05 | config: Clarify comment about password hashing settings | Florian Pritz | 1 | -1/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-06-05 | Fix redirect on login after registering new account | Florian Pritz | 3 | -1/+4
Previously the login box in the navigation would redirect to the current page, but this page will throw an error in the case of the registration page since that's the page with the invitation key and that key is no longer valid. Fix this by redirecting to the $redirect_uri and ensure that this value is set for all requests.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-05-24 | mfile/valid_id: Remove duplicate code | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-05-24 | Fix TypeError when getting thumbnail for invalid ID | Florian Pritz | 1 | -0/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-26 | docker: Remove old command | Florian Pritz | 1 | -1/+0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-26 | Add Dockerfile and scripts to create and run a docker container | Sebastian Rakel | 4 | -0/+117
2016-04-01 | Fix typo | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01 | Support rehashing of passwords not conforming to config | Florian Pritz | 2 | -0/+7
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01 | muser: Add set_password | Florian Pritz | 2 | -4/+8
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-04-01 | Support changing password hashing settings | Florian Pritz | 2 | -1/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-03-29 | Catch potential password hashing errors | Florian Pritz | 1 | -1/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-03-29 | Increase size of password field in DB | Florian Pritz | 2 | -1/+28
The php documentation for password_hash recommends 255.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-03-29 | Use PHP's password_hash function | Florian Pritz | 3 | -259/+2
This drops a third party library, but bumps our required php version to 5.5 which is currently old stable. Earlier versions are no longer supported by php upstream nor by us.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-02-26 | Fix MYSQL error in migration 14/15 | Florian Pritz | 2 | -24/+16
Error was: You can't specify target table 'testsuite_prefix_file_storage' for update in FROM clause
The new code is ported from the existing postgres migration.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-02-19 | view/user/profile: Fix typo | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-01-24 | PHP7: Ignore Notice when getting mimetype [0.9.10] | Florian Pritz | 1 | -0/+5
Sometimes php7 throws an internal notice in this function which we convert to an exception. Catching the exception will however not set $mimetype so this error needs to be ignored. This should be removed once php has fixed the bug.
References: https://bugs.php.net/bug.php?id=71434
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-12-14 | PasswordHash: Fix PHP7 compatibility [0.9.9] | Florian Pritz | 1 | -1/+1
Using the class name for the constructor is deprecated.
Signed-off-by: Florian Pritz <bluewind@xinu.at>