Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-03 07:13:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,450 Commits 1 Branch 74 Tags
2136ad1955a76fab0232ebbdca8539fcc6fdcc68
Commit Graph

1450 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Pass
2136ad1955 setLine now replaceRange, around on getSelection 
setLine deprecated, now need to use replaceRange and pass 2 objects for
start & end (line & ch)
getSelection needs "around" param as default is now "end"
 2014-05-22 07:13:30 +01:00
Matt Pass
fa97918684 Use doFold now, pass string instead of object 2014-05-22 07:07:39 +01:00
Matt Pass
05daab79c1 Rename function doFold and new namespace 
doFold seems a better name, so renamed and rangeFinder var now foldType
New namespace convention on folding, also specifying type by foldType
 2014-05-22 07:05:44 +01:00
Matt Pass
57a789f046 Use CodeMirror 4.2 dir 2014-05-22 07:00:18 +01:00
Matt Pass
61cc4b82f0 Update to CodeMirror 4.2 2014-05-22 06:56:32 +01:00
Matt Pass
a8168fed86 Include this lib file only once 
Is called from headers.php also now, so don't want to error by calling
again (clashing function names etc)
 2014-05-20 07:26:05 +01:00
Matt Pass
47af30e0b6 Include common settings and xssClean output 
inlcude_once the settings-common.php file so we have the xssClean
function
Set $req to the xssClean'd value or blank
Also xssClean other strings that are output
 2014-05-20 07:25:15 +01:00
Matt Pass
277dc67243 printCode function added 
Prints current tab, though code flows off the page horizontally, needs
tweak to something.
 2014-05-16 09:18:14 +01:00
Matt Pass
0e48b8d5a3 Only show this button text if enabled reg 2014-05-16 08:21:06 +01:00
Matt Pass
3bc4deac68 Merge pull request #397 from RelaxedArcher/master 
Fixed an issue affecting registration in multi-user mode
 2014-05-16 07:49:44 +01:00
RelaxedArcher
6a50c1ce2b Fixed an issue that caused registration to be always available while in multi-user mode 2014-05-10 02:30:22 +03:00
Matt Pass
55def4402a Version 4.0 v4.0 2014-05-03 15:01:19 +01:00
Matt Pass
b23e2fe40b onClick show menu can begin 2014-05-03 14:36:20 +01:00
Matt Pass
8133adeab8 !isset($_REQUEST["csrf"]) is extra fail cond 2014-05-03 14:19:24 +01:00
Matt Pass
a470daf9f5 No need for other chars to be replaced 
Impossible to output an XSS without < or > alone
 2014-05-03 14:13:48 +01:00
Matt Pass
1a85a1ddc3 Display a more helpful & useful error message 2014-05-03 14:09:09 +01:00
Matt Pass
ab8ad37467 strClean $_GET value first 2014-05-03 12:08:30 +01:00
Matt Pass
b811cfe92f strClean $_GET['plugin'] and use that 2014-04-28 08:00:22 +01:00
Matt Pass
fa40d9dad7 Also attempt to get over https, then http 
Supresses warnings on https attempt with @
 2014-04-26 16:55:55 +01:00
Matt Pass
16c7e5d010 Attempt to get over https, then http 
Supress warnings with @ on https attempt
Explode what we have afterwards
 2014-04-26 16:54:11 +01:00
Matt Pass
d5e6fb041f Reverting to use http: instead of https: for now 
file_get_contents won't get https: data for now
Need to look at resolving this
 2014-04-26 16:14:27 +01:00
Matt Pass
f00686c679 If we have GET QS params, add &crsf=xyz to end 2014-04-26 16:12:55 +01:00
Matt Pass
45fef223ce Removed list of people, now on website 2014-04-26 14:59:53 +01:00
Matt Pass
89c811d140 Darker side text, blue links 2014-04-26 14:59:18 +01:00
Matt Pass
17ec5f517c Turn SSL verify peer off 
https over CURL Won't work locally otherwise
 2014-04-26 13:19:33 +01:00
Matt Pass
56511b66bb fileNavH not as tall anymore 2014-04-26 12:40:11 +01:00
Matt Pass
4f5ed727f0 https used and drop IGG crowdfund link 2014-04-26 12:25:32 +01:00
Matt Pass
75885aecf5 strClean now replaces javascript: 
htmlentities doesn't cover : and str_replace on : is too vague
regex is case insensitive
 2014-04-26 12:25:12 +01:00
Matt Pass
fa48d0d2f0 Strip ../ so we don't have dir traversal vuln 2014-04-26 12:24:01 +01:00
Matt Pass
ec44407e25 xssClean the displayed file/folder name 
Using html filter
 2014-04-26 12:23:29 +01:00
Matt Pass
394067ff07 Need <b> and <br> after cleaning and https used 2014-04-26 12:23:04 +01:00
Matt Pass
ed800a01ce https: used 2014-04-26 12:22:31 +01:00
Matt Pass
599af8d96b https: used and revised git command 2014-04-26 12:21:06 +01:00
Matt Pass
9a2881cd7b Remove comma 2014-04-24 12:10:17 +01:00
Matt Pass
6e7612d3ec Inform user they can't delete the root 
Stops the root accidentally being deleted
 2014-04-23 08:22:44 +01:00
Matt Pass
0413ec4414 xssClean using 'html' filter 2014-04-23 07:43:17 +01:00
Matt Pass
c88d4f46e3 Rewrite of xssClean function to be neater 2014-04-23 07:41:30 +01:00
Matt Pass
1306853e1e Cannot use $_REQUEST, should be $_GET || $_POST 
$_REQUEST appears to contain other system info, need to check on the
existence of $_GET or $_POST data
 2014-04-23 07:23:02 +01:00
Matt Pass
078068e252 Don't allow directory traversal 2014-04-23 07:12:13 +01:00
Matt Pass
69d8ddce77 Need to target on top.ICEcoder.xssClean 2014-04-22 09:25:18 +01:00
Matt Pass
3926d4468c xssClean function added & used by serverMessage 
Replaces 5 x based HTML chars
 2014-04-22 08:55:09 +01:00
Matt Pass
493950667b Clean tags from HTTP UA 
Users can alter this, causing an XSS
 2014-04-22 08:06:17 +01:00
Matt Pass
d6a7db8f3e xssClean function added 
Had 4 different contexts, the first 2 alter parts of strings, the last 2
remove those parts
 2014-04-22 08:05:40 +01:00
Matt Pass
d6fcf5a121 Need CSRF on URL called on logout 2014-04-21 08:32:22 +01:00
Matt Pass
328a8a9808 Adjustment to value, should just be nosniff 2014-04-21 08:15:34 +01:00
Matt Pass
0daf6c3081 Redo security headers 2014-04-21 07:57:41 +01:00
Matt Pass
1d5c74e424 Add CSRF and clickjacking protection 
This header file included in all PHP files as first item.
CSRF checks happen on GET or POST instances
Security related headers also added to prevent clickjacking
 2014-04-18 18:21:17 +01:00
Matt Pass
c6bb782118 Add csrf to end of all querystrings 2014-04-18 18:19:58 +01:00
Matt Pass
b45817ec65 headers.php included and csrf POST added 2014-04-18 18:10:50 +01:00
Matt Pass
a15dfda92c headers.php included and csrf POST and GET added 2014-04-18 18:07:49 +01:00