11 commits

Author SHA1 Message Date
Oneric
96fe080e6e Convert all raw :zip usage to SafeZip
Notably at least two instances were not properly guarded from path
traversal attacks before and are only now fixed by using SafeZip:

 - frontend installation never checked for malicious paths.
   But given a malicious frontend could already, e.g. steal
   all user tokens even without this, in the real world
   admins should only use frontends from trusted sources
   and the practical implications are minimal

 - the emoji pack update/upload API taking a ZIP file
   did not protect against path traversal. While atm
   only admins can use these emoji endpoints, emoji
   packs are typically considered "harmless" and used
   without prior verification from various sources.
   Thus this appears more concerning.
2025-02-14 22:10:25 +01:00
Floatingghost
cbd236aeb5 mix format 2024-10-26 05:04:20 +01:00
TudbuT
8b5aca9619
fix fs error while unpacking frontends 2024-10-18 14:50:28 +02:00
FloatingGhost
9d9c26b833 Ensure Gun is Gone 2022-12-11 19:26:21 +00:00
floatingghost
364b6969eb Use finch everywhere (#33)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/33
2022-07-04 16:30:38 +00:00
FloatingGhost
f15c9e8b08 format everything 2022-06-15 18:22:30 +01:00
FloatingGhost
5b11543c96 update pleroma-fe url 2022-06-15 18:18:23 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain
bb9650f3c2 FrontendController: Return error on installation error. 2020-11-17 16:43:07 +01:00
Egor Kislitsyn
d83c2bd330
Add support for install via file and build_url params 2020-10-29 16:37:50 +04:00
Egor Kislitsyn
03e306785b
Add an API endpoint to install a new frontend 2020-10-27 19:20:21 +04:00