Commit graph

21062 commits

Author SHA1 Message Date
Lastorder
1eab5cdfab Merge branch 'rhymix:master' into master 2026-05-12 14:16:40 +09:00
Kijin Sung
b7b1a6e5fc Version 2.1.33 2026-05-12 11:43:00 +09:00
Kijin Sung
eb925d9d28 Merge branch 'security/rve-2026-12' 2026-05-11 18:17:55 +09:00
Kijin Sung
8f5c947359 Merge branch 'security/rve-2026-11' 2026-05-11 18:17:53 +09:00
Kijin Sung
899a184527 Merge branch 'security/rve-2026-10' 2026-05-11 18:17:50 +09:00
Kijin Sung
877c85ff29 Merge branch 'security/rve-2026-9' 2026-05-11 18:17:46 +09:00
Kijin Sung
a0af01c76a Merge branch 'security/rve-2026-8' 2026-05-11 18:17:41 +09:00
Kijin Sung
aa0f3f0200 Merge branch 'security/rve-2026-7' 2026-05-11 18:17:22 +09:00
Kijin Sung
180aa6f434 Add IP exceptions to login failure counting config 2026-05-11 16:56:48 +09:00
Kijin Sung
20c57fc563 Fix missing query conditions #2699 2026-05-11 15:46:35 +09:00
Kijin Sung
3566a01a0e Fix inconsistency between getDocumentList() and getDocumentPage() when searching #2699 2026-05-11 15:26:56 +09:00
Kijin Sung
e276eb8377 Hide friend option in signup form and member modify page if friend is disabled in communication module #2702 2026-05-08 21:12:23 +09:00
Kijin Sung
f00780ef47 Fix lang code exposure after selecting module in document manage popup 2026-05-08 21:01:12 +09:00
Kijin Sung
501aac23f9 Fix undefined variables and other minor errors 2026-05-07 23:36:47 +09:00
Kijin Sung
536e9154aa Change option name to reflect that it is not recommended 2026-05-07 23:26:04 +09:00
Kijin Sung
38d1a3a585 Always display "allow duplicate nickname" option 2026-05-07 23:22:50 +09:00
Kijin Sung
589b9167c9 Remove link to temporary documents in admin list 2026-05-07 23:21:18 +09:00
Kijin Sung
71b11c769d Fix incorrect error location when R\F\Exception is thrown from inside an event handler 2026-05-07 23:07:36 +09:00
Kijin Sung
67a77ff4c8 Add missing return 2026-05-07 22:52:25 +09:00
Kijin Sung
ee32464568 Improve defense against non-array cached value #2705 2026-05-07 21:38:57 +09:00
Kijin Sung
83e2c981ce Fix conflicting pre_conversion types setting in file module config #2707 2026-05-07 21:31:55 +09:00
Kijin Sung
c2e38044a4 Fix RVE-2026-12 unauthorized file deletion 2026-05-07 20:29:06 +09:00
Kijin Sung
93c8fa3d7d Fix RVE-2026-11 XSS in Photoswipe addon 2026-05-07 20:20:27 +09:00
Kijin Sung
abda55c926 Remove dispLayoutPreview 2026-05-07 17:17:35 +09:00
Kijin Sung
1033cc33a7 Fix undefined variable error in PHP 8 2026-05-07 17:10:14 +09:00
Kijin Sung
bde08b1480 Only check path recursively if its realpath is different 2026-05-04 13:03:25 +09:00
Kijin Sung
019950c8a8 Prevent unnecessary double cookie refresh when logging in as admin 2026-04-30 23:13:05 +09:00
Kijin Sung
7f1a61fb83 Clean up session refresh handling (dedicated timer, don't refresh in non-GET request, etc.) 2026-04-30 23:00:55 +09:00
Kijin Sung
f438a91cd6 Treat samesite attribute as a string, not integer 2026-04-30 22:44:14 +09:00
Kijin Sung
0fdbf72e32 Reset default thumbnail target to "attachment", and add warning about using external images 2026-04-30 17:35:01 +09:00
Kijin Sung
9f1a3574c5 Remove SSO 2026-04-29 23:31:29 +09:00
Kijin Sung
8cfd66713c Refresh session when accessing admin page 2026-04-29 23:25:17 +09:00
Kijin Sung
1511693cf6 Regenerate session ID upon login and periodically RVE-2026-8 2026-04-29 23:12:02 +09:00
Kijin Sung
6392fa8f9b Protect more directories in external page path RVE-2026-10 2026-04-29 18:06:24 +09:00
Kijin Sung
109949c8a1 Fix insufficient escape in autolink addon RVE-2026-9 2026-04-29 17:51:02 +09:00
Kijin Sung
453a9bb26a Fix insufficient protection of thumbnail temp file RVE-2026-7 2026-04-29 17:42:45 +09:00
Kijin Sung
d609d36ac6 Add Storage::protectDirectory() to place .htaccess and index.html files in a directory 2026-04-29 17:38:56 +09:00
Kijin Sung
e724236681 Set default thumbnail target to "attachment only" 2026-04-29 17:19:21 +09:00
Kijin Sung
045010670b Add triggers before and after category insert/update/delete 2026-04-26 18:30:51 +09:00
Kijin Sung
c66daf6507 Be more strict about skipping embedded SVG checks #2703 2026-04-26 18:18:40 +09:00
Kijin Sung
715daa9a69 Disallow setting allow_message to "F" if friend feature is disabled #2702 2026-04-26 18:13:59 +09:00
Kijin Sung
4090d6f5d7 Hide friend-related options and error messages if friend feature is disabled #2702 2026-04-26 14:55:57 +09:00
Kijin Sung
f9119c8ba3 Fix incorrect detection of ChatGPT-generated PNG as dangerous SVG #2703 2026-04-26 14:47:52 +09:00
Lastorder
74f1f8a1ba Merge branch 'rhymix:master' into master 2026-04-22 16:39:39 +09:00
Kijin Sung
a92016cf4f Distinguish between vote and blame when setting setPoint() note 2026-04-18 23:30:39 +09:00
Kijin Sung
02ca0450ad Add note when calling setPoint() so that downstream event handlers can tell what the change was for 2026-04-18 23:20:38 +09:00
Kijin Sung
3e4b4a21b3 Fix unnecessary modification of document restored from trash #2697 2026-04-14 23:57:25 +09:00
Kijin Sung
7368773040 Add triggers before/after procMemberCheckValue and procMemberModifyInfo #2698 #2700 2026-04-14 23:36:01 +09:00
Kijin Sung
cc8e256cba Add message after deleting scrap #2694 2026-04-11 20:50:05 +09:00
Kijin Sung
db52c6df4c Fix double-escape of homepage field #2695 2026-04-11 20:46:50 +09:00