Isaac Connor
bf29357455
Merge branch 'release-1.34'
2020-09-19 12:01:21 -04:00
Isaac Connor
6b2773ad8c
Handle invalid eid more gracefully.
2020-09-16 14:21:03 -04:00
Isaac Connor
9268db14a7
Fix xss reported by Noccolo Picca relating to not sanitizing connkey
2020-09-16 14:14:31 -04:00
Isaac Connor
dd5e342196
use xhtmlFooter
2020-09-02 18:17:12 -04:00
Isaac Connor
547e80b1a9
Fix download and export button from events list. Fixes #2668 (#2670)
2019-07-24 12:31:43 -04:00
Isaac Connor
10a972f2a0
fixes to download video
2019-03-20 14:51:59 -04:00
Isaac Connor
52e66adc99
Fix namespace
2019-03-20 14:25:12 -04:00
Isaac Connor
555cb4780d
Merge branch 'master' into storageareas
2019-02-10 12:37:45 -05:00
Matthew Noorenberghe
99f1e23c5b
Replace usage of PHP_SELF in views/. Fixes #2450
2019-02-09 21:39:19 -08:00
Matthew Noorenberghe
61f6a92cc0
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
2019-02-09 01:37:32 -08:00
Matthew Noorenberghe
0b38e72f88
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
2019-02-09 01:16:32 -08:00
Isaac Connor
f49dd93b6a
Merge branch 'master' into storageareas
2019-01-16 14:39:56 -05:00
Matt N
d33fec9c3f
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor
05f0338219
use a unique connection key for downloads
2018-07-12 14:07:19 -04:00
Isaac
d8a62e0ede
Show total size for non-montage review downloads as well
2018-05-18 15:51:42 +02:00
Isaac Connor
9fe7ba25e2
improve the download ui
2017-12-11 14:33:17 -08:00
Isaac Connor
72a50910e6
Merge pull request #56 from digital-gnome/storageareas-fixMontageReviewFilter
Montagereview filter respect groups setting
2017-12-04 17:08:51 -05:00
digital-gnome
3f62d1e24d
Montagereview filter respect groups setting
2017-12-04 14:35:33 -05:00
Isaac Connor
1ccd344bf5
implement Storage Area move
2017-12-04 11:05:50 -05:00
digital-gnome
3e7c573da5
Add download video option to events view
Creates a new popup window for downloading event video files with no directory structure in the archive
2017-12-03 14:42:07 -05:00