Age | Commit message (Collapse) | Author | Files | Lines |
|
When a user is deleted, their details are set to NULL. When no username
is specific for a password reset, this can trigger an email being sent
to an empty recipient which will not be deliverable.
Just to be safe, guard against NULL values for all the user related
functions.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
All current asserations are only for development/debug related checks
and safe to disable on production so we do not need to force any
settings via the deprecate `assert_options` function here and we can
just remove this code.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This fixes an exception if the multipaste queue contains an item that
does not exist any more, e.g. because it has been deleted after it was
added to the queue.
`Exception 1/1 'ErrorException' with message 'Trying to access array offset on value of type bool' in /srv/http/filebin/application/controllers/file/Multipaste.php:103`
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
BREAKING CHANGE: Syntax raises minimal PHP version to 7.0
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This parameter controls the generated id for files (file/upload) and
multipastes (file/create_multipaste).
The post parameter has to be a positive integer value >= 2.
Changes by Florian Pritz:
- minor style and typo fixes
- NEWS entry
- check expected error reply content in tests
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
The default value has been changed to `from-image` and at least with
Firefox 76 and Chromium 83 this leads to double rotated images.
Disabling the automatic rotation with `image-orientation: none` in CSS
leads to incorrectly scaled images, (likely, but unverified) because the
width/height are returned incorrectly/rotated in jquery/javascript.
Whatever it may be, the easier fix is to just check for the new default
value and if the browser handles orientation automatically, we disable
our own code.
https://github.com/w3c/csswg-drafts/issues/3799
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
That way they get the correct HTTP status code and they also get ignored
by the logging code.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
These are errors that a user can correct themselves so we should
classify them accordingly. That way they get the correct HTTP status
code and they also get ignored by the logging code.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
These return a 500 HTTP error code and when using a CLI download tool,
you might not see the returned HTML error message. To make debugging
easier we also log them to the error log.
Some extending exceptions also return different error codes (e.g.
UserInputException) so we filter these by only logging if the return
code is 500. If a user/admin sees that code they likely expect a log
entry.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Not sure why, but this only started to happen with php 7.4. Should be
fixed anyways so I didn't investigate further.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This leads to a deprecation warning as of php 7.4.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
With pygments 2.4.0 at least VBScript doesn't have a name and thus
causes an exception when the first name should be used. We use the name
to tell pygmentize which lexer to use so listing a lexer that doesn't
have a name doesn't work and thus there is no point in showing it in the
list.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
If regeneration is on, the token is recreated after the first AJAX
submit and subsequent ajax submits or normal form submits break. By
disabling it here, we limit potential security issues to only this page,
but it also only works if the user does not submit any other forms while
they are on the AJAX page.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
|
|
Arch Linux disables PDF support in imagemagick due to security concerns.
This results in broken thumbnails for PDF files. By disabling it we just
get the normal file list which should be fine too. If necessary this
could be extended to be configurable, but I don't think doing that is
necessary.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|