Commit Graph

135 Commits

Author SHA1 Message Date
Kyle Gehmlich
545ba4ec95
fix: remove duplicate query parameters on HTTPS redirect (#6460)
HTTPS redirection rebuilds the full URL using req.originalUrl, which
includes query parameters (see
https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch,
appending the stringified query params to req.originalUrl resulted in
duplicate parameters, e.g.
wiki.js/callback?session=123&code=abc?session=123&code=abc
which caused errors when being redirected from an insecure (http://)
callback URL to a secure version when using OIDC (e.g. with keycloak).

This issue is probably rare, but in cases where HTTPS redirection is
enabled and a user tries to hit an insecure URL with query parameters,
it could cause problems.
2023-06-03 23:19:01 -04:00
Dan Nicholson
78a35c377c
feat: include query parameters in locale redirect (#6132)
* feat: include query parameters in locale redirect

* refactor: code cleanup

---------

Co-authored-by: Nicolas Giard <github@ngpixel.com>
2023-02-16 19:04:19 -05:00
NGPixel
8715cd69b2
feat: edit shortcuts 2022-09-20 16:55:05 -04:00
NGPixel
48077fc9e5
feat(admin): make page extensions configurable 2022-06-24 22:20:36 -04:00
NGPixel
13890a92ab
fix: default comment provider not displaying 2022-04-29 19:36:47 -04:00
Nicolas Giard
a647626a51
fix: external comments template using incorrect page variables 2022-04-14 22:09:45 -04:00
NGPixel
92fe9d3e31
fix: view source of page version crash (#3297) 2022-01-10 17:20:13 -05:00
opalmay
9081232e7c
fix: disallow # char in file uploads (#3770) 2021-05-20 15:16:26 -04:00
PaulD987
3f001dca2c
fix: loginRedirect doesn't work for non local strategies (#3222) 2021-03-18 21:56:59 -04:00
NGPixel
0fa5b9750d fix: handle missing extra field during page render 2020-10-03 16:50:51 -04:00
NGPixel
5295e413be fix: bypass page rule check for global permission check + handle missing page extra field 2020-09-09 19:35:43 -04:00
NGPixel
78417524b3 feat: ldap avatar support 2020-09-07 20:02:33 -04:00
NGPixel
062a0b7979 feat: logout by auth strategy + keycloak implementation 2020-09-01 20:01:39 -04:00
NGPixel
ae733392f3 feat: password reset 2020-08-30 21:46:55 -04:00
NGPixel
e319355017 feat: enable/disable TFA per user 2020-08-30 14:18:22 -04:00
NGPixel
8c205b6950 fix: site title check + UI fixes + 2FA setup on account verify 2020-08-23 12:58:56 -04:00
Seyed Sajad Kahani
15bca54bdf
fix: change language in edit, history and source pages (#2194)
* change language in edit, history and source pages

* fix: remove unnecessary i18n locale switch for download page

Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-07-29 19:54:31 -04:00
NGPixel
4cd6fe8a56 fix: unauthorized admin should receive 403 code 2020-07-19 15:30:29 -04:00
NGPixel
4f16dd0c81 fix: admin permissions + restrict nav settings 2020-07-19 15:26:51 -04:00
NGPixel
b475795595 feat: login bg + bypass + hide local option 2020-07-05 01:36:02 -04:00
NGPixel
4cb7f33dcf feat: visual editor code + sub/sup + table props 2020-06-21 14:47:11 -04:00
NGPixel
4855051d87 feat: page published state + comments localization 2020-06-20 22:08:59 -04:00
NGPixel
83b83a7510 feat: page css + scripts 2020-06-20 16:39:36 -04:00
NGPixel
718c14dd74 feat: editor props scripts + styles code editor 2020-06-19 21:00:44 -04:00
Regev Brody
0a16929a57
fix: editing buttons showing up even if no action is allowed (#2043)
* feat: Edit / Page Create Buttons showing up even if no action is allowed #1780
2020-06-19 18:54:05 -04:00
NGPixel
1222355046 feat: comments - default provider create (wip) + permissions 2020-05-26 22:56:24 -04:00
NGPixel
fb6c01c538 fix: legacy page view 2020-05-21 00:20:57 -04:00
NGPixel
887e8a0f5a feat: comments disqus + commento 2020-05-21 00:20:57 -04:00
NGPixel
134f057bb8 feat: uploads config + security admin page 2020-05-10 15:55:28 -04:00
NGPixel
cc9f022051 fix: nav external blank option 2020-05-08 18:48:07 -04:00
NGPixel
dae64f00a0 fix: brute-knex refactor 2020-04-21 23:16:13 -04:00
NGPixel
8aba5305d8 feat: sidebar item permissions + admin nav edit 2020-04-18 18:33:22 -04:00
NGPixel
1e4d513252 feat: user profile page - save info + change pwd 2020-04-05 23:49:26 -04:00
NGPixel
4398573645 feat: save conflict check polling 2020-03-02 00:43:19 -05:00
NGPixel
13a995133b feat: branch off / create from template 2020-03-01 18:25:43 -05:00
NGPixel
e50dc89519 feat: view version of page source 2020-03-01 18:25:43 -05:00
NGPixel
2ac9131244 feat: page history - download version 2020-03-01 18:25:43 -05:00
NGPixel
ff5acba358 fix: redirect to previous path after login 2020-02-07 14:51:11 -05:00
NGPixel
1fc786e2ed fix: redirect home to login only if guest 2020-02-07 14:32:45 -05:00
NGPixel
ad3a6e15f9 fix: rtl list bullet symbol 2020-01-31 22:34:38 -05:00
NGPixel
1914d40574 fix: set rtl correctly if default lang is non-rtl 2020-01-31 22:29:40 -05:00
BobbyB
b82c788e5c
feat: add Page Rules For Matching Tags (#1418)
* Added Page Rules For Matching Tags

* fix: use T as Tag Match icon

* fix: reorder page rules in checkAccess

* fix: common controller tags code refactor

Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-01-31 16:57:35 -05:00
NGPixel
ae53484abd feat: admin ssl - renew cert + toggle redirection btn 2020-01-19 21:30:25 -05:00
NGPixel
91e897ccd9 fix: admin contribute list + source permission 2020-01-18 15:19:03 -05:00
NGPixel
b18dd29fa0 feat: browse page by ID 2020-01-14 22:21:43 -05:00
NGPixel
c6933a2d20 feat: let's encrypt 2020-01-11 22:33:27 -05:00
NGPixel
3d6b04f75d fix: handle email verification exceptions (#1227) 2019-11-23 15:06:34 -05:00
NGPixel
49819b41db fix: missing write:pages perm for edit existing pages (#1228) 2019-11-23 14:32:49 -05:00
Justin Kromlinger
8000ebec8f refactor: use dataPath variable as given in file config (#1118)
* Actually use path variables as given in default config

* Drop paths.content, avoid populating the global WIKI object
2019-10-25 18:20:02 -04:00
NGPixel
f1668b9ac5 feat: import assets from disk module 2019-10-20 14:42:10 -04:00