Andrew DeMaria
afb9c6bfb7
Merge remote-tracking branch 'airsonic/pr/954'
6 years ago
Andrew DeMaria
1daa6cff6e
Merge remote-tracking branch 'airsonic/pr/952'
6 years ago
Andrew DeMaria
72609a8d0c
Merge remote-tracking branch 'airsonic/pr/950'
6 years ago
Andrew DeMaria
c460a16628
Merge remote-tracking branch 'airsonic/pr/928'
6 years ago
jvoisin
87442320fc
Try to run jkd9 on travis-ci
6 years ago
jvoisin
d35834c0e7
Fix a bunch of dom-based xss
...
This should close #633
6 years ago
jvoisin
0d6cbb60ed
Use https for external links
6 years ago
jvoisin
ab1690b1fe
Don't display the title if it's empty
6 years ago
Andrew DeMaria
83882b18d9
Merge remote-tracking branch 'airsonic/pr/919'
6 years ago
Andrew DeMaria
81835aa589
Merge remote-tracking branch 'airsonic/pr/934'
6 years ago
Andrew DeMaria
f8f5c4a6bf
Merge remote-tracking branch 'airsonic/pr/936'
6 years ago
Andrew DeMaria
b73ab9c45e
Merge remote-tracking branch 'airsonic/pr/949'
6 years ago
Andrew DeMaria
78ee5bd1da
Merge remote-tracking branch 'airsonic/pr/948'
6 years ago
Andrew DeMaria
221a0ed933
Merge remote-tracking branch 'airsonic/pr/945'
6 years ago
jvoisin
ac1c887698
Remove Google+ relics
...
Google+ is dead: https://developers.google.com/+/
6 years ago
jvoisin
cb0866d5fd
Download dependencies via https on download.java.net
6 years ago
Andrew DeMaria
edd097ad5b
Add a couple of static analysis badges
6 years ago
jvoisin
5edebf7885
Remove inline javascript on the `cancel` buttons
...
The inline javascript used with the cancel buttons
was only used to change the location.
Instead of doing this, it's easier to wrap
the button in a tag.
This is related to #909 .
6 years ago
Andrew DeMaria
cd45717256
Merge remote-tracking branch 'airsonic/pr/938'
6 years ago
Andrew DeMaria
570abe69d5
Merge remote-tracking branch 'airsonic/pr/939'
6 years ago
Andrew DeMaria
d5500ce3d2
Merge remote-tracking branch 'airsonic/pr/941'
6 years ago
Andrew DeMaria
41a5ae06d5
Merge remote-tracking branch 'airsonic/pr/922'
6 years ago
Andrew DeMaria
6613bd86d5
Merge remote-tracking branch 'airsonic/pr/907'
6 years ago
Andrew DeMaria
c9a209fd8f
Merge remote-tracking branch 'airsonic/pr/943'
6 years ago
Andrew DeMaria
2b0fe25eff
Merge remote-tracking branch 'airsonic/pr/946'
6 years ago
jvoisin
ba6b39b7b2
Add two <meta> tags
...
- Add a description, since this can be useful
in browser's histories
- Add a viewport, making it less worse to use
airsonic on a super-small screen
6 years ago
jvoisin
4d5680931c
Add the dates of the releases to the changelog
6 years ago
jvoisin
883022d81a
Remove script.aculo.us dependency
...
It's not used anywhere, using an old version,
and the project doesn't seem to be maintained anyway.
6 years ago
jvoisin
910802b64f
Fix a small resource leak
6 years ago
jvoisin
2f9046d6b4
Fix a xss and clean up some js
...
- Fix a stupid self-XSS. I doubt that there are ways to
use it against other users, but well, better safe than sorry
- Replace the javascript-on-focus hacks with the `autofocus` attribute
6 years ago
François-Xavier Thomas
bcc5f8d7a6
Fix StringIndexOutOfBounds errors thrown by DWR/YUI
6 years ago
jvoisin
61c842923a
Generate new passwords in a secure way
...
Previously, lost passwords were generated via
org.apache.commons.lang.RandomStringUtils,
which is using java.util.Random internally.
This PRNG is has a 48-bit seed, that can easily be bruteforced
if an attacker is able to get the PRNG's output, for example
but resetting their own account multiple times,
leading to trivial privileges escalation attacks.
This commit makes use of java.security.SecureRandom
instead.
6 years ago
Andrew DeMaria
e330eeb864
Remove coverity integration - not working
6 years ago
Andrew DeMaria
4e73266a7f
Add travis ci badge
6 years ago
Andrew DeMaria
897de26886
Remove comment
6 years ago
Andrew DeMaria
bc0bfdf481
Update scan token
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
fb0079d3c0
Merge remote-tracking branch 'origin/pr/932'
6 years ago
Andrew DeMaria
54e1237320
Exclude new spring 5.0.5 cve
6 years ago
Andrew DeMaria
5dc96ba011
Add coverity badge
6 years ago
jvoisin
6f3c3312ee
Add coverity scan to travis
6 years ago
Andrew DeMaria
8a1f36c792
Revert change to DWR fixes #923
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
jvoisin
39b9eab715
Simplify a bit the css
6 years ago
jvoisin
0b72acefed
Oups
6 years ago
jvoisin
fa5ffdc07a
Remove the external fonts usage
...
This is a radical (and simple) solution
to #853 , #399 , #439 , #174 and partially #712 .
6 years ago
jvoisin
ab92f83c1f
Add a bunch of hardening to the systemd unit
...
I tested this locally, it's working on my machine™
Nothing fancy, no new privileges, private stuff (/tmp, …),
no exotic devices/access/…, …
Signed-off-by: jvoisin <julien.voisin@dustri.org>
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
e76d44d957
Merge remote-tracking branch 'origin/pr/908'
6 years ago
Andrew DeMaria
9413f1f489
Merge remote-tracking branch 'origin/pr/912'
6 years ago
Andrew DeMaria
8f1d790784
Merge remote-tracking branch 'origin/pr/913'
6 years ago
Andrew DeMaria
00ee8a9662
Merge remote-tracking branch 'origin/pr/915'
6 years ago
Andrew DeMaria
a3041a59c7
Merge remote-tracking branch 'origin/pr/916'
6 years ago