Kyle Gehmlich
545ba4ec95
fix: remove duplicate query parameters on HTTPS redirect ( #6460 )
...
HTTPS redirection rebuilds the full URL using req.originalUrl, which
includes query parameters (see
https://expressjs.com/en/api.html#req.originalUrl ). Prior to this patch,
appending the stringified query params to req.originalUrl resulted in
duplicate parameters, e.g.
wiki.js/callback?session=123&code=abc?session=123&code=abc
which caused errors when being redirected from an insecure (http://)
callback URL to a secure version when using OIDC (e.g. with keycloak).
This issue is probably rare, but in cases where HTTPS redirection is
enabled and a user tries to hit an insecure URL with query parameters,
it could cause problems.
2023-06-03 23:19:01 -04:00
Dan Nicholson
78a35c377c
feat: include query parameters in locale redirect ( #6132 )
...
* feat: include query parameters in locale redirect
* refactor: code cleanup
---------
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2023-02-16 19:04:19 -05:00
NGPixel
8715cd69b2
feat: edit shortcuts
2022-09-20 16:55:05 -04:00
NGPixel
48077fc9e5
feat(admin): make page extensions configurable
2022-06-24 22:20:36 -04:00
NGPixel
13890a92ab
fix: default comment provider not displaying
2022-04-29 19:36:47 -04:00
Nicolas Giard
a647626a51
fix: external comments template using incorrect page variables
2022-04-14 22:09:45 -04:00
NGPixel
92fe9d3e31
fix: view source of page version crash ( #3297 )
2022-01-10 17:20:13 -05:00
opalmay
9081232e7c
fix: disallow # char in file uploads ( #3770 )
2021-05-20 15:16:26 -04:00
PaulD987
3f001dca2c
fix: loginRedirect doesn't work for non local strategies ( #3222 )
2021-03-18 21:56:59 -04:00
NGPixel
0fa5b9750d
fix: handle missing extra field during page render
2020-10-03 16:50:51 -04:00
NGPixel
5295e413be
fix: bypass page rule check for global permission check + handle missing page extra field
2020-09-09 19:35:43 -04:00
NGPixel
78417524b3
feat: ldap avatar support
2020-09-07 20:02:33 -04:00
NGPixel
062a0b7979
feat: logout by auth strategy + keycloak implementation
2020-09-01 20:01:39 -04:00
NGPixel
ae733392f3
feat: password reset
2020-08-30 21:46:55 -04:00
NGPixel
e319355017
feat: enable/disable TFA per user
2020-08-30 14:18:22 -04:00
NGPixel
8c205b6950
fix: site title check + UI fixes + 2FA setup on account verify
2020-08-23 12:58:56 -04:00
Seyed Sajad Kahani
15bca54bdf
fix: change language in edit, history and source pages ( #2194 )
...
* change language in edit, history and source pages
* fix: remove unnecessary i18n locale switch for download page
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-07-29 19:54:31 -04:00
NGPixel
4cd6fe8a56
fix: unauthorized admin should receive 403 code
2020-07-19 15:30:29 -04:00
NGPixel
4f16dd0c81
fix: admin permissions + restrict nav settings
2020-07-19 15:26:51 -04:00
NGPixel
b475795595
feat: login bg + bypass + hide local option
2020-07-05 01:36:02 -04:00
NGPixel
4cb7f33dcf
feat: visual editor code + sub/sup + table props
2020-06-21 14:47:11 -04:00
NGPixel
4855051d87
feat: page published state + comments localization
2020-06-20 22:08:59 -04:00
NGPixel
83b83a7510
feat: page css + scripts
2020-06-20 16:39:36 -04:00
NGPixel
718c14dd74
feat: editor props scripts + styles code editor
2020-06-19 21:00:44 -04:00
Regev Brody
0a16929a57
fix: editing buttons showing up even if no action is allowed ( #2043 )
...
* feat: Edit / Page Create Buttons showing up even if no action is allowed #1780
2020-06-19 18:54:05 -04:00
NGPixel
1222355046
feat: comments - default provider create (wip) + permissions
2020-05-26 22:56:24 -04:00
NGPixel
fb6c01c538
fix: legacy page view
2020-05-21 00:20:57 -04:00
NGPixel
887e8a0f5a
feat: comments disqus + commento
2020-05-21 00:20:57 -04:00
NGPixel
134f057bb8
feat: uploads config + security admin page
2020-05-10 15:55:28 -04:00
NGPixel
cc9f022051
fix: nav external blank option
2020-05-08 18:48:07 -04:00
NGPixel
dae64f00a0
fix: brute-knex refactor
2020-04-21 23:16:13 -04:00
NGPixel
8aba5305d8
feat: sidebar item permissions + admin nav edit
2020-04-18 18:33:22 -04:00
NGPixel
1e4d513252
feat: user profile page - save info + change pwd
2020-04-05 23:49:26 -04:00
NGPixel
4398573645
feat: save conflict check polling
2020-03-02 00:43:19 -05:00
NGPixel
13a995133b
feat: branch off / create from template
2020-03-01 18:25:43 -05:00
NGPixel
e50dc89519
feat: view version of page source
2020-03-01 18:25:43 -05:00
NGPixel
2ac9131244
feat: page history - download version
2020-03-01 18:25:43 -05:00
NGPixel
ff5acba358
fix: redirect to previous path after login
2020-02-07 14:51:11 -05:00
NGPixel
1fc786e2ed
fix: redirect home to login only if guest
2020-02-07 14:32:45 -05:00
NGPixel
ad3a6e15f9
fix: rtl list bullet symbol
2020-01-31 22:34:38 -05:00
NGPixel
1914d40574
fix: set rtl correctly if default lang is non-rtl
2020-01-31 22:29:40 -05:00
BobbyB
b82c788e5c
feat: add Page Rules For Matching Tags ( #1418 )
...
* Added Page Rules For Matching Tags
* fix: use T as Tag Match icon
* fix: reorder page rules in checkAccess
* fix: common controller tags code refactor
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-01-31 16:57:35 -05:00
NGPixel
ae53484abd
feat: admin ssl - renew cert + toggle redirection btn
2020-01-19 21:30:25 -05:00
NGPixel
91e897ccd9
fix: admin contribute list + source permission
2020-01-18 15:19:03 -05:00
NGPixel
b18dd29fa0
feat: browse page by ID
2020-01-14 22:21:43 -05:00
NGPixel
c6933a2d20
feat: let's encrypt
2020-01-11 22:33:27 -05:00
NGPixel
3d6b04f75d
fix: handle email verification exceptions ( #1227 )
2019-11-23 15:06:34 -05:00
NGPixel
49819b41db
fix: missing write:pages perm for edit existing pages ( #1228 )
2019-11-23 14:32:49 -05:00
Justin Kromlinger
8000ebec8f
refactor: use dataPath variable as given in file config ( #1118 )
...
* Actually use path variables as given in default config
* Drop paths.content, avoid populating the global WIKI object
2019-10-25 18:20:02 -04:00
NGPixel
f1668b9ac5
feat: import assets from disk module
2019-10-20 14:42:10 -04:00