[pull] master from YOURLS:master#36
Open
pull[bot] wants to merge 345 commits into
Open
Conversation
Co-authored-by: ozh <ozh@users.noreply.github.com>
* wrapped $user in preg_quote function * updated auth test for special character in username Co-authored-by: Léo Colombaro <git@colombaro.fr> Co-authored-by: ྅༻ Ǭɀħ ༄༆ཉ <ozh@ozh.org>
- updated calls to functions - deprecate function yourls_activate_plugin_sandbox() - add unit tests - log loaded files - tweak yourls_debug_log to allow early uses Co-authored-by: e-ht <1045813+e-ht@users.noreply.github> Co-authored-by: eht <1045813+e-ht@users.noreply.github.com> Co-authored-by: ྅༻ Ǭɀħ ༄༆ཉ <ozh@ozh.org> Closes #3321
Co-authored-by: ozh <ozh@users.noreply.github.com>
Co-authored-by: ozh <ozh@users.noreply.github.com>
[skip ci]
Fixes #3523 Co-authored-by: ྅༻ Ǭɀħ ༄༆ཉ <ozh@ozh.org>
[skip ci]
[skip ci]
Co-authored-by: ozh <ozh@users.noreply.github.com>
Co-authored-by: ozh <ozh@users.noreply.github.com>
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4 to 5. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v4...v5) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.24.0 to 2.25.0. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](shivammathur/setup-php@2.24.0...2.25.0) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.25.0 to 2.25.1. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](shivammathur/setup-php@2.25.0...2.25.1) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.25.1 to 2.25.2. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](shivammathur/setup-php@2.25.1...2.25.2) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: ozh <ozh@users.noreply.github.com>
Co-authored-by: ozh <ozh@users.noreply.github.com>
Check if `click_limit` is empty
* Introduce fetch* wrapper * Filter query statements * More generic test * Improve debug message: get real function calling the query (ie "fetchPair", not just "perform") * Prevent notice when no URL
Text & tags left as comment to be used next time
* Fix debug log messages with correct function * debug mode and log improvements - yourls_get_debug_mode() gets actual debug mode, not just the CONST value - yourls_debug_log() only logs if debug mode is true Fixes #4041 * Don't enforce twice the error reporting it's already taken care of in yourls_db_connect() Also : code style * Don't force debug after install As a result unit tests were always running with debug mode on * Update tests Everything must run the same no matter the value of YOURLS_DEBUG
Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](shivammathur/setup-php@2.37.0...2.37.1) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.37.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* Make tests debugging easier * Remove displayDetailsOnPhpunitNotices because PHPUnit 10 & 11 trip up
* Prevent XSS in referrers * Add tests for yourls_get_domain()
Empty file and not referenced anywhere
* New action to allow custom redirect logging Closes #3990 --------- Co-authored-by: dgw <dgw@technobabbl.es>
* Implement cookie prefixes * Add tests
Bumps the composer group with 1 update in the /tests directory: [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit). Updates `phpunit/phpunit` from 11.5.50 to 12.5.22 - [Release notes](https://github.com/sebastianbergmann/phpunit/releases) - [Changelog](https://github.com/sebastianbergmann/phpunit/blob/12.5.22/ChangeLog-12.5.md) - [Commits](sebastianbergmann/phpunit@11.5.50...12.5.22) --- updated-dependencies: - dependency-name: phpunit/phpunit dependency-version: 12.5.22 dependency-type: direct:production dependency-group: composer ... Signed-off-by: dependabot[bot] <support@github.com>
* Update checks for min PHP & MySQL requirements * Update unit test comment as well
* Deprecated md5 and weak algos in API sig * Remove md5 info from tools.php * Warn user about md5 in config.php * Hashing password: don't force PASSWORD_BCRYPT. Instead, use PASSWORD_DEFAULT, which is bcrypt as of writing, but may evolve in future PHP releases. * Replace `===` with `hash_equals()` where needed * Enforce REMOTE_ADDR unless trusted proxy * Increase API sig length. Make it filterable and customizable * Escape HTML everywhere * Introduce a new function to escape content except those whitelisted * Decouple API and Cookie * Remove those stupid "since 0.1" that make no sense * Update all tests accordingly Remaining md5() are kept for backward compat, and advertised as deprecated, or kept in test to ensure backward compat tests. To be mentioned in the changelog and blog post: API signatures and cookie values now use separate values, to ensure purpose separation. Existing sessions will be invalidated (users will need to log in again) and API signatures will be regenerated (get new value from your admin/tools.php)
Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.1 to 2.37.2. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](shivammathur/setup-php@2.37.1...2.37.2) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.37.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )