Commit Graph

712 Commits

Author SHA1 Message Date
Jeremy Quinton ea53c20e76 Merge pull request #478 from publicarray/fix-vulns
Fix vulnerabilities
2018-10-02 12:13:15 +02:00
Jeremy Quinton ed827d5221 Merge pull request #448 from scottybo/master
Fix issue where taxamt not set after import
2018-10-02 11:09:41 +02:00
Jeremy Quinton 3b850479e4 Merge pull request #476 from Attendize/strip_html_tags
Fix xss vulnerability
2018-10-02 10:32:52 +02:00
Jeremy Quinton 7772df3300 added strip tags 2018-11-04 21:41:12 +02:00
Jeremy Quinton 861c2f5434 use strip tags instead of validator 2018-11-04 21:39:05 +02:00
Jeremy Quinton 3868bd4e9e Fixed small publish event link 2018-11-04 21:34:28 +02:00
Jeremy Quinton 703ad37ef5 Prevent xss
1) added better validation across all user input both for the operator of Attendize and end user.
2) Remove html from translations so {{ }} can be used instead of {!! !!} as its more secure.
2018-11-04 21:30:08 +02:00
Jeremy Quinton b62e41265f strip html tags as the string is not escaped by blade 2018-11-04 21:26:55 +02:00
Jeremy Quinton 1eae6cce01 remove any html tags on user input 2018-11-04 21:24:03 +02:00
Jeremy Quinton bdcd12ca28 Merge branch 'master' of https://github.com/Attendize/Attendize 2018-11-04 21:21:01 +02:00
Jeremy Quinton c604d08e8d Fixed license references throughout codebase 2018-11-04 21:12:11 +02:00
Jeremy Quinton d4057e9241 updated license reference 2018-11-04 21:09:26 +02:00
Jeremy Quinton 09335d7aee added image reference 2018-11-04 21:06:17 +02:00
Jeremy Quinton e8d69469be remove migs and coinbase as default gateways 2018-11-04 20:50:24 +02:00
Jeremy Quinton c26bc6b2df fixes bug where sales volume is not incremented correctly 2018-11-04 20:39:42 +02:00
Sebastian Schmidt 0b831955f2 Fix a DoS or even PrivEsc vuln on POST /install
POST on /install must not respond when already installed. Denial of Service and possibly Privilege Escalation by changing the database/mail server
2018-10-02 18:23:33 +10:00
Sebastian Schmidt 5cdfe7151b Fix XSS vulnerability on QR code scanner 2018-10-02 18:15:58 +10:00
Jeremy Quinton 510bdefec2 Merge pull request #475 from dsnap1993/master
fix bug where postMessageOrder gets datas of orders table
2018-09-28 19:46:48 +02:00
dsnap1993 d6bada6382 fix bug where postMessageOrder gets datas of orders table 2018-09-29 01:15:57 +09:00
Jeremy Quinton abd23bd703 Merge pull request #460 from Attendize/fix-date-off-by-one
Fixes #414 #450 #434
2018-09-15 23:33:02 +02:00
Jeremy Quinton c3cd0a60c7 fixes #414 #450 #434 2018-11-04 21:02:41 +02:00
Jeremy Quinton 3dd673b1ec Merge pull request #457 from Attendize/escape-translations-correctly
Replace lang with trans and escape html correctly for various views
2018-09-11 21:22:54 +02:00
Jeremy Quinton 562b8698dd Merge branch 'master' of https://github.com/Attendize/Attendize 2018-11-04 20:53:34 +02:00
Jeremy Quinton 920fbac64e replace lang with trans and escape html correctly for various views 2018-11-04 20:22:51 +02:00
Jeremy Quinton 81d67e4180 updated copy in install process 2018-11-04 20:15:21 +02:00
Jeremy Quinton 6e0c37d701 bump mysql version and load laravel environment variables into php container 2018-11-04 20:06:59 +02:00
Sam Bell 5ac96236fa Corrected licence info to Composer standards 2018-09-06 22:37:26 +08:00
Jeremy Quinton 55c77e8705 added line break 2018-09-03 21:58:20 +02:00
Jeremy Quinton f808a81707 better styling 2018-09-03 21:56:31 +02:00
Jeremy Quinton f31d341def broke up paragraph 2018-09-03 21:55:26 +02:00
Jeremy Quinton ae5958d5b2 added newlines 2018-09-03 21:54:39 +02:00
Jeremy Quinton d3a520badc fixed typo 2018-09-03 21:53:48 +02:00
Jeremy Quinton 6c914e0ece Merge branch 'master' of https://github.com/Attendize/Attendize 2018-09-03 21:52:41 +02:00
Jeremy Quinton 0b0de19bf8 simplified readme which now links to the documentation website 2018-09-03 21:52:23 +02:00
Scott Bowler 534d3a2126 Modify deprecated "lists" to "pluck" 2018-09-03 14:44:56 +01:00
Scott Bowler 118efbe8ae Fix issue where taxamt not set after import 2018-09-03 10:49:29 +01:00
Jeremy Quinton a4fb2519aa fixed issue with installed when app key is regenerated to make key length 32 characters and not 16 2018-09-02 23:16:40 +02:00
Jeremy Quinton b257eeb3d3 Merge pull request #446 from heilgar/445-surveys-list-bug
445 fix surveys bug after updating to L5.6
2018-09-02 19:40:45 +02:00
Jeremy Quinton db148aa45d use trans instead of lang so messages display correctly with html not escaped 2018-09-02 18:09:39 +02:00
heilgar 6d9fd0ccdc 445 fix surveys bug after updating to L5.6 2018-09-02 19:01:53 +03:00
Jeremy Quinton d693976f24 added extra troubleshooting steps 2018-08-29 08:17:59 +02:00
Jeremy Quinton 0b2cfa6ebf use send instead of queue method for mail when inviting attendee 2018-08-23 10:42:05 +02:00
Jeremy Quinton 9d29ce0d2b Merge pull request #429 from Attendize/better-error-handling
Handle errors independently of one another
2018-08-22 16:50:41 +02:00
Jeremy Quinton 5f2c4c8ac9 Merge pull request #424 from Attendize/upgrade-laravel-5.6
Upgrading to Laravel 5.6
2018-08-21 12:55:31 +02:00
Jeremy Quinton 0d4f035ce4 removing composer lock.
Not including composer lock. Users of attendize can generat there own lock file.
2018-08-21 12:50:21 +02:00
Jeremy Quinton 5087218306 Removed setFetchMode function
Laravel 5.4 removed support for setFetchMode so convert array of object to array of arrays manually.
2018-08-21 12:38:00 +02:00
Jeremy Quinton d49934ab07 final lock file for composer 2018-08-21 12:12:30 +02:00
Jeremy Quinton a71cb6aeac Tweeks to readme to make it more readable. 2018-08-19 20:24:09 +02:00
Jeremy Quinton 73b7808ff4 When an order is refunded display the actual refunded amount.
When viewing a refunded order display the amount_refunded instead of the order amount.
2018-08-17 17:13:57 +02:00
Jeremy Quinton afc50a04b8 Mark order as paid if ticket price is zero
When inviting an attendee if the ticket price is free mark the order as paid to prevent orders being marked as unpaid
2018-08-17 16:54:03 +02:00