msb-public/wiki - wiki - 马士兵教育代码仓库

Commit Graph

Author	SHA1	Message	Date
PaulD987	5c3ba2a8ee	Merge `bfc4ade6c3` into `6f042e97cc`	2 weeks ago
Kolega.dev	7ae6635d16	fix: validate loginRedirect cookie to prevent open redirect (#7923 ) The loginRedirect cookie value was used directly in res.redirect() and window.location.replace() without validation, allowing redirection to arbitrary external URLs. Added validation to ensure the redirect target is a relative path before use. Co-authored-by: kolega.dev <faizan@kolega.ai>	4 months ago
NGPixel	1d0d87af6e	fix: add cookie secure flag when site is using https	5 months ago
dhulripos	b49c00226c	fix: Add missing status code on unauthorized access (#7785 ) * fix status code on unauthorized * Remove unnecessary line breaks	8 months ago
Craig Reyenga	cd77f36120	fix: requests without user-agent causing error 500 (#7749 )	10 months ago
Kyle Gehmlich	545ba4ec95	fix: remove duplicate query parameters on HTTPS redirect (#6460 ) HTTPS redirection rebuilds the full URL using req.originalUrl, which includes query parameters (see https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch, appending the stringified query params to req.originalUrl resulted in duplicate parameters, e.g. wiki.js/callback?session=123&code=abc?session=123&code=abc which caused errors when being redirected from an insecure (http://) callback URL to a secure version when using OIDC (e.g. with keycloak). This issue is probably rare, but in cases where HTTPS redirection is enabled and a user tries to hit an insecure URL with query parameters, it could cause problems.	3 years ago
Dan Nicholson	78a35c377c	feat: include query parameters in locale redirect (#6132 ) * feat: include query parameters in locale redirect * refactor: code cleanup --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	3 years ago
NGPixel	8715cd69b2	feat: edit shortcuts	4 years ago
NGPixel	48077fc9e5	feat(admin): make page extensions configurable	4 years ago
NGPixel	13890a92ab	fix: default comment provider not displaying	4 years ago
Nicolas Giard	a647626a51	fix: external comments template using incorrect page variables	4 years ago
NGPixel	92fe9d3e31	fix: view source of page version crash (#3297 )	4 years ago
opalmay	9081232e7c	fix: disallow # char in file uploads (#3770 )	5 years ago
Paul S Dennis	535d47c3fe	Optionally always redirect user to login page if they are not authenticated and land on a page that guest is not authorized to view If a wiki is configured to be private, eg guest does not have any permissions to view any of the pages on the wiki, it is an annoyance to always be told that you aren't authorized to view a page when you aren't logged in. A more natural flow in this sort of scenario would be to be automatically directed to the login page so that the user can authenticate (and then hopefully gain access to the page). This change adds a configuration option to the security page to enable "Bypass Unauthatorized Screen" functionality. This option defaults to false, so there is no change in behavior for existing/new installations, it is an opt-in configuration change. Two new translatable strings are added: "admin:security.bypassUnauthorized": "Bypass Unauthorized Screen" "admin:security.bypassUnauthorizedHint": "Should the user be redirected automatically to the login screen if they are not authenticated and attempt to access a page not accessible to Guest"	5 years ago
PaulD987	3f001dca2c	fix: loginRedirect doesn't work for non local strategies (#3222 )	5 years ago
NGPixel	0fa5b9750d	fix: handle missing extra field during page render	6 years ago
NGPixel	5295e413be	fix: bypass page rule check for global permission check + handle missing page extra field	6 years ago
NGPixel	78417524b3	feat: ldap avatar support	6 years ago
NGPixel	062a0b7979	feat: logout by auth strategy + keycloak implementation	6 years ago
NGPixel	ae733392f3	feat: password reset	6 years ago
NGPixel	e319355017	feat: enable/disable TFA per user	6 years ago
NGPixel	8c205b6950	fix: site title check + UI fixes + 2FA setup on account verify	6 years ago
Seyed Sajad Kahani	15bca54bdf	fix: change language in edit, history and source pages (#2194 ) * change language in edit, history and source pages * fix: remove unnecessary i18n locale switch for download page Co-authored-by: Nicolas Giard <github@ngpixel.com>	6 years ago
NGPixel	4cd6fe8a56	fix: unauthorized admin should receive 403 code	6 years ago
NGPixel	4f16dd0c81	fix: admin permissions + restrict nav settings	6 years ago
NGPixel	b475795595	feat: login bg + bypass + hide local option	6 years ago
NGPixel	4cb7f33dcf	feat: visual editor code + sub/sup + table props	6 years ago
NGPixel	4855051d87	feat: page published state + comments localization	6 years ago
NGPixel	83b83a7510	feat: page css + scripts	6 years ago
NGPixel	718c14dd74	feat: editor props scripts + styles code editor	6 years ago
Regev Brody	0a16929a57	fix: editing buttons showing up even if no action is allowed (#2043 ) * feat: Edit / Page Create Buttons showing up even if no action is allowed #1780	6 years ago
NGPixel	1222355046	feat: comments - default provider create (wip) + permissions	6 years ago
NGPixel	fb6c01c538	fix: legacy page view	6 years ago
NGPixel	887e8a0f5a	feat: comments disqus + commento	6 years ago
NGPixel	134f057bb8	feat: uploads config + security admin page	6 years ago
NGPixel	cc9f022051	fix: nav external blank option	6 years ago
NGPixel	dae64f00a0	fix: brute-knex refactor	6 years ago
NGPixel	8aba5305d8	feat: sidebar item permissions + admin nav edit	6 years ago
NGPixel	1e4d513252	feat: user profile page - save info + change pwd	6 years ago
NGPixel	4398573645	feat: save conflict check polling	6 years ago
NGPixel	13a995133b	feat: branch off / create from template	6 years ago
NGPixel	e50dc89519	feat: view version of page source	6 years ago
NGPixel	2ac9131244	feat: page history - download version	6 years ago
NGPixel	ff5acba358	fix: redirect to previous path after login	6 years ago
NGPixel	1fc786e2ed	fix: redirect home to login only if guest	6 years ago
NGPixel	ad3a6e15f9	fix: rtl list bullet symbol	6 years ago
NGPixel	1914d40574	fix: set rtl correctly if default lang is non-rtl	6 years ago
BobbyB	b82c788e5c	feat: add Page Rules For Matching Tags (#1418 ) * Added Page Rules For Matching Tags * fix: use T as Tag Match icon * fix: reorder page rules in checkAccess * fix: common controller tags code refactor Co-authored-by: Nicolas Giard <github@ngpixel.com>	6 years ago
NGPixel	ae53484abd	feat: admin ssl - renew cert + toggle redirection btn	6 years ago
NGPixel	91e897ccd9	fix: admin contribute list + source permission	6 years ago

1 2 3

141 Commits (5c3ba2a8eea8ae5063dc1ed4f3a1be12d92e6be7)