Tom Hughes
0d70728fe2
Escape user display names.
2008-03-04 16:51:13 +00:00
Steve Coast
cacf1879c3
user images
2008-02-23 15:18:59 +00:00
Tom Hughes
c3bd1f113b
Tidy up message sanitisation a bit more, and add sanitisation of
information in the diary RSS feeds.
2008-01-16 10:02:42 +00:00
Tom Hughes
b416597507
Make the message reply link prefill the title with "Re: original title".
Closes #634.
2008-01-15 19:05:17 +00:00
Tom Hughes
9f909d7447
Add a few more escape calls to prevent nasty HTML being rendered. Also
switch to using sanitize() instead of h() to escape message bodies. This
is not quite as safe as there is no guarantee that the HTML scanner it
uses will find everything, but it does allow benign HTML tags to be
displayed again.
2008-01-15 18:22:08 +00:00
Tom Hughes
1e54573bae
Escape message titles and bodies. This is an emergency fix as some genius
has decided to report this XSS problem to a public mailing list. Unfortunately
it means that some functionality (links in messages etc) has been lost for now.
2008-01-15 00:26:01 +00:00
Tom Hughes
2cbcabb3f6
HTML escape substituted parameter values to avoid injection attacks.
2007-11-23 00:49:55 +00:00
Tom Hughes
7b172efeb6
Don't indicate if a message has been read in the outbox view.
2007-11-21 23:54:14 +00:00
Mikel Maron
d736a158be
message outbox
2007-11-21 18:24:29 +00:00
Steve Coast
2c0cd2730c
a few message prettiness things
2007-09-04 14:20:42 +00:00
Tom Hughes
9fa8aab9f2
Revert SteveC's edit as blank titles are now banned.
2007-09-04 14:08:17 +00:00
Steve Coast
c04e9ccf95
link to 'no subject' if message title/subject is blank
2007-09-04 13:43:31 +00:00
Tom Hughes
2e2189ecb9
Fix typo.
2007-08-22 00:20:53 +00:00
Tom Hughes
a894e75a1d
Fix diary entry creation...
2007-08-22 00:19:58 +00:00
Dan Karran
9da455a322
Moving inbox styling definitions into the stylesheet.
2007-08-18 12:22:04 +00:00
Dan Karran
3c79240a6a
Showing all messages in inbox, but sorting by date DESC and highlighting new ones. Adding link from message reading page back to inbox. Mark as read/unread.
2007-08-17 18:05:09 +00:00
Tom Hughes
b61e4f77e8
Improve handling of user to user messages.
2007-08-14 17:29:27 +00:00
Dan Karran
e6af088dda
Separating message receiving off into 'inbox' function.
2007-06-20 22:32:15 +00:00
Tom Hughes
aa52ebe674
Use form_tag/end instead of start_form_tag/end_form_tag to avoid
deprecation warnings.
2007-06-10 23:22:56 +00:00
Nick Black
7d52305640
added messaging and friend stuff that wasn't checked in
2007-05-06 10:36:06 +00:00