Tom Hughes
895eb829c9
Backout message deletion functionality as it has unfortunate side effects
...
as it also removes the message from the sender's outbox.
2008-05-06 16:35:24 +00:00
Steve Coast
ee6165bf9b
ability to delete messages
2008-05-03 13:25:34 +00:00
Tom Hughes
0d70728fe2
Escape user display names.
2008-03-04 16:51:13 +00:00
Steve Coast
cacf1879c3
user images
2008-02-23 15:18:59 +00:00
Tom Hughes
c3bd1f113b
Tidy up message sensitisation a bit more, and add sensitisation of
...
information in the diary RSS feeds.
2008-01-16 10:02:42 +00:00
Tom Hughes
b416597507
Make the message reply link prefill the title with "Re: original title".
...
Closes #634 .
2008-01-15 19:05:17 +00:00
Tom Hughes
9f909d7447
Add a few more escape calls to prevent nasty HTML being rendered. Also
...
switch to using sanitize() instead of h() to escape message bodies. This
is not quite as safe as there is no guarantee that the HTML scanner it
uses will find everything, but is does allow benign HTML tags to be
displayed again.
2008-01-15 18:22:08 +00:00
Tom Hughes
1e54573bae
Escape message titles and bodies. This is an emergency fix as some genius
...
has decided to report this XSS problem to a public mailing list. Unfortunately
it means that some functionality (links in messages etc) has been lost for now.
2008-01-15 00:26:01 +00:00
Mikel Maron
d736a158be
message outbox
2007-11-21 18:24:29 +00:00
Steve Coast
2c0cd2730c
a few message prettyness things
2007-09-04 14:20:42 +00:00
Dan Karran
3c79240a6a
Showing all messages in inbox, but sorting by date DESC and highlighting new ones. Adding link from message reading page back to inbox. Mark as read/unread.
2007-08-17 18:05:09 +00:00
Tom Hughes
b61e4f77e8
Improve handling of user to user messages.
2007-08-14 17:29:27 +00:00
Tom Hughes
aa52ebe674
User form_tag/end instead of start_form_tag/end_form_tag to avoid
...
deprecation warnings.
2007-06-10 23:22:56 +00:00
Nick Black
7d52305640
added messaging and friend stuff that wasn't checked in
2007-05-06 10:36:06 +00:00
