11 Commits

Author SHA1 Message Date
Matthew Noorenberghe 99f1e23c5b Replace usage of PHP_SELF in views/. Fixes #2450 2019-02-09 21:39:19 -08:00
Matthew Noorenberghe 47d8c9b066 plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe 59cc65411f plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Andy Bauer 254fcbcef7 update gpl 2 mailing address in source files 2016-12-26 09:23:16 -06:00
Andrew Bauer 3a94712db2 add translate function 2015-05-10 08:10:30 -05:00
SteveGilvarry 45fd7f1eca Found some old open tags left over 2015-04-08 20:11:26 +10:00
SteveGilvarry e87e69fa57 Ran script to replace all Short open tags 2014-12-05 10:44:23 +11:00
Isaac Connor 3393a63525 more updates 2013-12-17 12:53:15 -05:00
Isaac Connor 2a45506bff more quoting removal 2013-10-17 16:15:04 -04:00
nextime 33cbd89212 Migrate svn to git 2013-03-17 00:45:21 +01:00