msb-public/wiki - wiki - 马士兵教育代码仓库

Commit Graph

Author	SHA1	Message	Date
PaulD987	cc2b68a2e9	Merge `bfc4ade6c3` into `42a72183d0`	2 weeks ago
Kolega.dev	7ae6635d16	fix: validate loginRedirect cookie to prevent open redirect (#7923 ) The loginRedirect cookie value was used directly in res.redirect() and window.location.replace() without validation, allowing redirection to arbitrary external URLs. Added validation to ensure the redirect target is a relative path before use. Co-authored-by: kolega.dev <faizan@kolega.ai>	2 months ago
NGPixel	85c304f583	fix: add cookie secure flag when site is using https (client-side)	3 months ago
NGPixel	857c1720b1	fix: css editor in page properties dialog not loading	3 months ago
NGPixel	19c26e58c9	fix: handle breadcrumb locale prefix correctly	3 months ago
Felix Eckhofer	b950e065e9	fix: stop dompurify from breaking draw.io diagrams (#7888 ) Newer versions of dompurify strip <foreignobject> tags if not explicitly allowed. See https://github.com/cure53/DOMPurify/issues/1040 Fixes #7744	3 months ago
NGPixel	f68d1f60ca	fix: hide unfinished features	3 months ago
Wingqvist	326974cdd5	fix(profile): Prevent autofill on header search bar (#7688 ) This commit resolves the recurring issue where password managers incorrectly autofill the header search bar when viewing the user profile page. This is achieved by wrapping the password change fields in a <form> element, properly scoping them for browser autofill logic, and using modern, standard `autocomplete` attributes. This addresses the root cause of the issue, whereas previous attempts tried to mitigate the symptom in the search bar. Fixes #2324 Closes #3327	3 months ago
Karol Rudnikowski (dxdroni)	f54551ee69	fix: page pagination in tags component (#7061 )	2 years ago
Nicolas Giard	b1e1759f25	fix: set securityTrustProxy to false by default	2 years ago
Jasmine Tai	99e74e8eb2	feat: upgrade markdown-it-emoji to 3.0.0 (#6945 )	2 years ago
Nicolas Giard	3bf1d9cf28	fix: disable template compilation in source view	3 years ago
NGPixel	b5b1913396	feat: footer override markdown inline parsing	3 years ago
NGPixel	e954b50a7a	feat: footer text override option	3 years ago
Leangseu Kim	26dcc007e7	fix: sort visualize tree (#6110 ) Co-authored-by: k k <kleangseu@yahoo.com>	3 years ago
Boris	54dbf9ad00	feat: add asciidoc editor module (#5954 ) * feat: add asciidoc editor module * fix storage file extension for asciidoc pages * fix: asciidoc editor + rendering improvements * fix: description list css improvements Co-authored-by: NGPixel <github@ngpixel.com>	3 years ago
NGPixel	f3133a72ec	feat: toc sidebar position	3 years ago
cannorin	db2ad81a1f	feat: katex persistent macro support (#5838 ) Co-authored-by: cannorin <cannorin@users.noreply.github.com>	3 years ago
NGPixel	9fbc25adb8	feat: improve table rendering + add markdown-it-decorate module	3 years ago
九零	1bb9be0e62	fix: admin contribute link address. (#5791 )	4 years ago
Evandro Arruda	274ecf4b20	fix: America/Sao_Paulo timezone offset (#5690 )	4 years ago
NGPixel	8715cd69b2	feat: edit shortcuts	4 years ago
Sandhya Veludandi	4e5da41d35	fix: page cursor and pagination (#5541 ) * fix: search results not displaying on first page * fix: page cursor position stays the same between page selection	4 years ago
Nicolas Giard	e78953d018	fix(admin): update admin groups page rules write:pages label to match actual permissions	4 years ago
NGPixel	48077fc9e5	feat(admin): make page extensions configurable	4 years ago
Nicolas Giard	1e577735c4	fix(mail): typo in admin mail save mutation	4 years ago
David Wheatley	97a744556b	feat(mail): allow setting of mailer identifying name (#5363 )	4 years ago
Nicolas Giard	cd33ff0afb	feat(admin): export tool for full migration / backup (#5294 ) * feat: export content utility (wip) * feat: export navigation + groups + users * feat: export comments + navigation + pages + pages history + settings * feat: export assets	4 years ago
myml	8be88cb273	fix(search): search result display as empty after clearing field (#5283 )	4 years ago
Oleksandr Koltsov	24dbc097cb	fix: change spelling of Kiev to Kyiv (#5285 ) Co-authored-by: Alex Koltsov <alex@slinex.com>	4 years ago
Tomas McNamer	fc6e4ab9c4	feat: add link to admin area on welcome page (#4035 ) * feat: Add link to admin area on welcome page See: #1259 * fix: remove trailing slash from welcome admin button * fix: welcome page admin button link Co-authored-by: Nicolas Giard <github@ngpixel.com>	4 years ago
NGPixel	afafb4f4e0	fix: md task list - use same config as client	4 years ago
NGPixel	a04f7bd650	fix: force uploads to use auth headers instead of cookie	4 years ago
NGPixel	92fe9d3e31	fix: view source of page version crash (#3297 )	4 years ago
NGPixel	79bdd44093	fix: force download of unsafe extensions	4 years ago
NGPixel	5d3e81496f	fix: sanitize SVG uploads	4 years ago
NGPixel	0d7d95d2ac	fix: markdown checkbox rendering with links	4 years ago
anatawa12	29f173c24c	fix: query parameter on tags page (#4668 )	4 years ago
broxen	813df21020	fix: prevent malformed paths for pages (#4533 ) * First take on removing erroneous path characters Paths should not accept trailing slashes or hashtags. This is a first attempt at nullifying those. * Use rules to verify path before acceptance Use Regex and rules to verify paths before acceptance * Rules to prevent any leading or trailing slashes * Complex slug for regex on path, but it elminates special chars * Added yarn.lock to .gitignore * Maybe we do want yarn.lock afterall * Adding yarn.lock * Move Regex pattern outside of export	5 years ago
François Karman	cc4c2bfcd5	fix: update social-sharing.vue to have proper icons (#4556 ) facebook and linkedin icons were invalid	5 years ago
tsh96	7e997aada5	fix: resolve admin pages pagination bug (#4280 )	5 years ago
Paul S Dennis	bfc4ade6c3	Merge remote-tracking branch 'upstream/dev' into fix-bypass-unauthorized-screen	5 years ago
NGPixel	84b927915e	fix: convert page - task list + UI fixes	5 years ago
NGPixel	26f1c0f372	feat: convert page	5 years ago
Paul S Dennis	535d47c3fe	Optionally always redirect user to login page if they are not authenticated and land on a page that guest is not authorized to view If a wiki is configured to be private, eg guest does not have any permissions to view any of the pages on the wiki, it is an annoyance to always be told that you aren't authorized to view a page when you aren't logged in. A more natural flow in this sort of scenario would be to be automatically directed to the login page so that the user can authenticate (and then hopefully gain access to the page). This change adds a configuration option to the security page to enable "Bypass Unauthatorized Screen" functionality. This option defaults to false, so there is no change in behavior for existing/new installations, it is an opt-in configuration change. Two new translatable strings are added: "admin:security.bypassUnauthorized": "Bypass Unauthorized Screen" "admin:security.bypassUnauthorizedHint": "Should the user be redirected automatically to the login screen if they are not authenticated and attempt to access a page not accessible to Guest"	5 years ago
scienceasdf	cfbd3dca00	Fix: in group edit rules, write scripts permission and write styles permission can be configured. (#2829 ) At present, the user that are not in the administrator group have no access to edit scripts and styles in page editor panel. This commit add configuration in group rule manage webpage so that users' permission on writing styles and writing scripts can be modified.	5 years ago
Guillaume Hanotel	e3fd967ad7	feat: ability to open search result in new tab with middle-click (#2919 )	5 years ago
Marwane Kalam-Alami	b5af931f88	fix: support tags containing special characters (#2743 ) (#2748 )	5 years ago
Edoardo Morassutto	a37a73dede	fix: inline math interpreted as attributes (#2645 ) When using inline math ($e^{-x^2}$) the curly braces are interpreted as attributes by markdown-it-attrs. Since most of the times they are not valid attributes they simply get removed. This patch escapes the curly braces (the default attribute delimiter), fixing the KaTeX rendering errors. It would be nice to simply skip that rule for `katex_inline` block types but as far as I know markdown-it-attrs doesn't have such an option. Fixes #1581	6 years ago
Nicolas Giard	a57d9af34c	Merge pull request from GHSA-pgjv-84m7-62q7	6 years ago

1 2 3 4 5 ...

525 Commits (cc2b68a2e9041fe7e50b6dc5bbc57ec6584852a2)