| Author | Commit | Message | Date |
|---|---|---|---|
| Jakub Vrana | 0268aba85a | Avoid count(null) | 2018-01-16 16:22:24 +01:00 |
| Jakub Vrana | 0fae40fb61 | Disallow connecting to privileged ports (thanks to hyp3rlinx) | 2018-01-16 11:18:32 +01:00 |
| Jakub Vrana | 0e5df34ea8 | Rate limit password-less login attempts from the same IP address (thanks to hyp3rlinx) | 2018-01-16 11:17:25 +01:00 |
| Jakub Vrana | f3938c1a66 | Use HTTPS | 2018-01-14 11:03:54 +01:00 |
| Jakub Vrana | 07aa80048a | Use HTTPS in doc_link() | 2018-01-14 10:38:01 +01:00 |
| Jakub Vrana | 6d14b47d02 | Fix select function onchange | 2018-01-14 10:18:38 +01:00 |
| Jakub Vrana | cc268428b8 | Fix SQL command toggle | 2018-01-14 00:10:42 +01:00 |
| Jakub Vrana | 80d030f51a | Disallow scripts without nonce | 2018-01-13 22:19:16 +01:00 |
| Jakub Vrana | e23da5da0e | Fix wrapping in Create table | 2018-01-13 17:40:21 +01:00 |
| Jakub Vrana | 9d532fc0a1 | Use script_src for <script src> | 2018-01-13 16:25:11 +01:00 |
| Jakub Vrana | 144c7de27f | Fix typo in script() | 2018-01-13 15:23:47 +01:00 |
| Jakub Vrana | b7fcebfba8 | Do not send empty CSP | 2018-01-13 14:21:54 +01:00 |
| Jakub Vrana | 3fe0d88f98 | Editor: Fix Search data in tables | 2018-01-12 23:59:04 +01:00 |
| Jakub Vrana | 001c37e240 | Use <script> instead of inline event handler for skipping original | 2018-01-12 23:27:14 +01:00 |
| Jakub Vrana | b6cc584f48 | Move inline event handlers to <script> | 2018-01-12 22:46:16 +01:00 |
| Jakub Vrana | af1ad47a64 | Return false from editingMoveRow() | 2018-01-12 22:35:05 +01:00 |
| Jakub Vrana | 2eaac2e94e | Move inline event handlers to <script> | 2018-01-12 22:25:38 +01:00 |
| Jakub Vrana | 40abffe8de | Use oninput instead of onchange | 2018-01-12 22:18:54 +01:00 |
| Jakub Vrana | 259a465125 | Move inline event handlers to <script> | 2018-01-12 21:57:54 +01:00 |
| Jakub Vrana | 6353a89816 | Use oninput instead of onkeyup | 2018-01-12 18:46:44 +01:00 |
| Jakub Vrana | 38aac7ada2 | Move inline event handlers to <script> | 2018-01-12 18:34:19 +01:00 |
| Jakub Vrana | 24245867d7 | Use <script> instead of inline event handler in on_help() | 2018-01-12 18:11:00 +01:00 |
| Jakub Vrana | 1459df56bc | Move inline event handlers to <script> | 2018-01-12 17:59:46 +01:00 |
| Jakub Vrana | 0411495d20 | Move inline event handlers to <script> | 2018-01-12 17:19:47 +01:00 |
| Jakub Vrana | 5e9df49fd1 | Move inline event handlers to <script> | 2018-01-12 17:11:29 +01:00 |
| Jakub Vrana | 068ee71bf7 | Return false from editingRemoveRow | 2018-01-12 17:11:29 +01:00 |
| Jakub Vrana | e645693147 | Use script() for <script> | 2018-01-12 17:10:33 +01:00 |
| Jakub Vrana | 12fbfc9847 | Move inline event handlers to <script> | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | 6b2ba65084 | Use <script> instead of inline event handler in print_fieldset() | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | a5ee3451ac | Use <script> instead of inline event handler in confirm() | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | da671df728 | Move inline event handlers to <script> | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | 650221357d | Return false from ajaxSetHtml() | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | d996b48cfa | Move inline event handlers to <script> | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | 36edd445a6 | Move inline event handlers to <script> | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | 7305783c21 | Return false from toggle() | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | ee3a88d574 | onchange='selectFieldChange | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | e5c52589ec | Use @this in selectFieldChange | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | 3b0e1cf289 | Move inline event handlers to <script> | 2018-01-12 17:09:41 +01:00 |
| Jakub Vrana | 813ada6661 | Revert using @this in formChecked | 2018-01-11 18:58:00 +01:00 |
| Jakub Vrana | 4be72a2a0d | Allow customizing CSP | 2018-01-11 18:39:49 +01:00 |
| Jakub Vrana | 541c3c1fed | Allow img-src data: common in skins | 2018-01-11 18:39:49 +01:00 |
| Jakub Vrana | 3408d4ad78 | Use JSON.parse if available | 2018-01-11 18:39:49 +01:00 |
| Jakub Vrana | e614ae08c4 | Add Content Security Policy | 2018-01-11 18:39:49 +01:00 |
| Jakub Vrana | 552d2a6be4 | Always send security headers in customization | 2018-01-11 18:39:49 +01:00 |
| Jakub Vrana | 415253b1b1 | Add nosniff header | 2018-01-11 18:39:22 +01:00 |
| Jakub Vrana | d07b7e3773 | Use Referrer-Policy instead of <meta name="referrer"> To make securityheaders.io happy. Also fix a typo in the value (https://lists.w3.org/Archives/Public/public-webappsec/2015May/0059.html). | 2018-01-11 18:38:15 +01:00 |
| Jakub Vrana | 14778165a8 | Use @this in JavaScript (prepares for removing inline event handlers) | 2018-01-11 17:01:29 +01:00 |
| Jakub Vrana | 72b199378a | Prevent PHP 7.1 warning about non-numeric values | 2018-01-11 16:22:29 +01:00 |
| Jakub Vrana | 329fa55af5 | Unindent doc-comments | 2018-01-11 15:14:05 +01:00 |
| Jakub Vrana | dc85ba2d86 | Delete type="text/javascript" from <script> as it is the default in HTML5 | 2018-01-11 14:13:43 +01:00 |