Commit graph

338 commits

Author SHA1 Message Date
Lauri Ojansivu
482682e500 SECURITY VULNERABILITY FIX: Fix XSS bug reported today 4 hours ago by Cyb3rjunky.
Logged in users could run javascript in input fields.
This affects Wekan versions v3.12-v3.84.
In [Wekan v3.12](https://github.com/wekan/wekan/blob/master/CHANGELOG.md#v312-2019-08-09-wekan-release)
there were [changes for XSS filter to allow inserting images, videos etc
on comment WYSIWYG editor](https://github.com/wekan/wekan/pull/2593)
so features related to that are now removed.
After this fix, Javascript in input fields is not executed.

Thanks to Cyb3rjunky and xet7 !
2020-03-23 22:29:20 +02:00
Lauri Ojansivu
2b26bbe78a Fix: img tag did not allow width and height.
Removed swipebox from markdown editor img tag and
updated marked markdown to newest version.

Thanks to hradec and xet7 !

Closes #2956
2020-03-06 03:52:12 +02:00
Romulus Urakagi Tsai
4b196d5378 Merge branch 'master' of https://github.com/wekan/wekan into lib-change 2020-02-13 09:02:26 +00:00
tsia
3e2415631f Update header.styl 2020-01-20 11:23:08 +01:00
Romulus Urakagi Tsai
d26bf04bfa Change to relative path and /var/attachments to store 2020-01-14 06:29:34 +00:00
Romulus Urakagi Tsai
93337c20f8 Change upload routine, add upload popup 2019-12-24 08:57:34 +00:00
Romulus Urakagi Tsai
4dcdec0084 Attachment upload from card done, need to fix download link 2019-11-20 10:40:09 +00:00
Lauri Ojansivu
ea823ab68f Assignee field like Jira #2452 , in progress. 2019-11-04 10:00:28 +02:00
Sam X. Chen
4ee88e026e Bugfixed: if username contains space, it will cause @ comment failed to send out email and other 2019-09-19 15:16:48 -04:00
Sam X. Chen
f29d7daa1d BugFix: in richer editor @ autocomplete doesn't really insert the user name into comment properly 2019-09-17 09:30:26 -04:00
Sam X. Chen
194b6ad46e BugFix: in richer editor @ autocomplete doesn't really insert the user name into comment properly 2019-09-17 09:27:23 -04:00
Sam X. Chen
e0046032e8 Fixing @user in comments doesn't work if it's in a separate line 2019-09-11 09:05:16 -04:00
Lauri Ojansivu
0dd3ff29f2 Limit card width to fixed size.
Thanks to xet7 !
2019-08-23 02:59:29 +03:00
Sam X. Chen
7d52ae16d5 Bugfix: 2621 Summernote is too wide on mobile screen 2019-08-15 14:23:14 -04:00
Sam X. Chen
8d76db91b8 Addfeature: Enable HTML email content for richer comment 2019-08-12 17:41:49 -04:00
Sam X. Chen
67d23ff8ae Add Feature: Richer Editor insert picture as attachment instead of b64 string 2019-08-10 21:21:42 -04:00
Sam X. Chen
c569565ec0 Bugfix: 2560, 2604 - enable mixed mode mongodb attachment and filesystem attachment while reading 2019-08-10 00:48:05 -04:00
Sam X. Chen
264526e85f Bugfix: style kbd font color became white after introduced summernote 2019-08-08 09:54:30 -04:00
Sam X. Chen
71d1d9ad98 Bug fix: bug#2589 #2575, Add Features: allowing user to insert/paste link, image, video 2019-08-07 23:44:45 -04:00
Sam X. Chen
8f899fca72 Add Feature: User can have richer formatted text into the comments (unexpected theme changes fixed) 2019-07-25 16:26:33 -04:00
Sam X. Chen
a5c1395c46 Add Feature: User can have richer formatted text into the comments (admin-panel fixed) 2019-07-24 11:01:30 -04:00
Sam X. Chen
2eae236c5a Add Feature: User can have richer formatted text into the comments (bug fixed) 2019-07-23 14:06:41 -04:00
Sam X. Chen
3632f4c8ab Add Feature: Comments can be richer (can support some safe HTML tags) 2019-07-22 23:33:44 -04:00
Sam X. Chen
e3e504310a Add Feature: Comments can be richer (can support some safe HTML tags) 2019-07-22 13:53:37 -04:00
Justin Reynolds
3eb4d2c341 Prettier & eslint project style update 2019-06-28 12:56:51 -05:00
Lauri Ojansivu
db40ca25ac - Fix translation name in Wekan menu: oc to Occitan.
Thanks to xet7 !
2019-05-11 00:02:40 +03:00
Guy Zylberberg
1bdc1017d6 Fixed RTL issue #884 2019-05-08 21:30:38 +03:00
guillaume
259ff3436f fix lints 2019-04-24 12:35:00 +02:00
guillaume
8b3601248d Loading authentication page 2019-04-24 12:28:11 +02:00
Lauri Ojansivu
d8554ec67e Combine to same line. 2019-04-08 10:58:49 +03:00
Lauri Ojansivu
0039fe09be Removed commented out text. 2019-03-24 17:44:03 +02:00
Lauri Ojansivu
994314cfa3 Fix filenames and urls. 2019-03-23 21:30:41 +02:00
Lauri Ojansivu
0363e6f122 Remove extra title quotes, so that Custom Product Name comes visible.
Thanks to xet7 !
2019-03-22 01:35:53 +02:00
Lauri Ojansivu
2969161afb - More whitelabeling.
Thanks to xet7 !
2019-03-21 20:27:21 +02:00
Lauri Ojansivu
216b3cfe01 Fix LDAP login.
Thanks to xet7 !

Closes wekan/wekan-ldap#43,
closes wekan/wekan-snap#85
2019-03-15 10:59:54 +02:00
Lauri Ojansivu
32f6de1eec Try to fix [LDAP Login: "Login forbidden", ReferenceError: req is not defined](https://github.com/wekan/wekan-ldap/issues/44).
Please test.

Thanks to xet7 !

Closes wekan/wekan-ldap#44
2019-03-14 00:25:40 +02:00
Lauri Ojansivu
08db39d76a Fix lint errors.
Thanks to xet7 !

Related #2019
2019-03-08 19:00:56 +02:00
Lauri Ojansivu
ff825d6123 [HTTP header automatic login. Not tested yet.](https://github.com/wekan/wekan/issues/2019).
Thanks to xet7 !

Related #2019
2019-03-08 18:40:43 +02:00
Lauri Ojansivu
f19625d835 Fix manifest and icon urls, part 2.
Thanks to xet7 !
2019-03-06 18:18:34 +02:00
Lauri Ojansivu
e845fe3e71 Fix manifest and icon paths.
Thanks to xet7 !

Closes #2168,
closes #1692
2019-03-06 17:15:36 +02:00
Lauri Ojansivu
4a77bc930f Merge branch 'devel' into edge 2019-02-27 16:26:48 +02:00
Lauri Ojansivu
34d8235551 Add the following new Sandstorm features and fixes:
- All Boards page [so it's possible to go back from subtask board](https://github.com/wekan/wekan/issues/2082)
- Board favorites
- New Sandstorm board first user is Admin and [has IFTTT Rules](https://github.com/wekan/wekan/issues/2125)
  and Standalone Wekan Admin Panel. Probably some Admin Panel features do not work yet. Please keep backup of your grains before testing Admin Panel.
- Linked Cards and Linked Boards.
- Some not needed options like Logout etc have been hidden from top bar right menu.
- [Import board now works. "Board not found" is not problem anymore](https://github.com/wekan/wekan/issues/1430), because you can go to All Boards page to change to imported board.

and removes the following features:

- Remove Welcome Board from Standalone Wekan, [to fix Welcome board not translated](https://github.com/wekan/wekan/issues/1601).
  Sandstorm Wekan does not have Welcome Board.

Thanks to xet7 !

Closes #2125,
closes #2082,
closes #1430,
closes #1601,
related #2205,
related #2070,
related #1695,
related #1192.
2019-02-27 16:14:14 +02:00
Andrés Manelli
dc7286a0ef Fix list view issues. Allow creation of boards from templates 2019-02-25 22:48:32 +01:00
guillaume
4ce766853c Fix authentication dropdown 2019-02-15 17:06:05 +01:00
guillaume
ec453b89b8 Fix lints 2019-02-07 11:38:04 +01:00
Lauri Ojansivu
de9965213a - Fix lint errors.
Thanks to xet7 !
2019-02-01 21:26:04 +02:00
guillaume
c2118f4830 Improve authentication 2019-02-01 19:00:44 +01:00
hupptechnologies
97f64fe5e6 Issue: Hard to use Wekan on mobile because of UI/UX issues #953
Resolved #953
2019-01-01 16:35:18 +05:30
Lauri Ojansivu
c502ab9500 - Revert "Improve authentication" and "Default Authentication Method"
to make login work again.
- Fixes to docker-compose.yml so that Wekan Meteor 1.6.x version would work.
  Most likely Meteor 1.8.x version is still broken.

Thanks to xet7 !
2018-12-24 18:18:41 +02:00
Lauri Ojansivu
417dc9dc42 Fix lint errors. 2018-12-21 20:36:26 +02:00