Hypolite Petovan 5c5d7eb04f
Fix several vulnerabilities (#13927)
* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/JavaScript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
2024-02-22 06:53:52 +01:00
.ddev
.github/ISSUE_TEMPLATE
.tx
.woodpecker
bin
config
doc Issue 13909: Filter channels by network (#13924) 2024-02-20 07:11:26 +01:00
images Updated Bluesky logo (#13926) 2024-02-21 18:23:36 +01:00
mod Image handling reworked, new image formats added (#13900) 2024-02-17 07:45:41 +01:00
mods Remove deprecated fpostit mod 2024-02-09 20:17:35 -05:00
spec
src Fix several vulnerabilities (#13927) 2024-02-22 06:53:52 +01:00
static Issue 13909: Filter channels by network (#13924) 2024-02-20 07:11:26 +01:00
tests Deprecate use of [*] BBCode tag for list items in favor of [li] 2024-02-09 20:33:42 -05:00
view Fix several vulnerabilities (#13927) 2024-02-22 06:53:52 +01:00
.codecov.yml
.editorconfig
.gitattributes
.gitignore Update .gitignore for new php-cs-fixer filename 2024-01-15 13:24:46 +01:00
.gitmodules
.htaccess-dist
.php-cs-fixer.dist.php Add license header to php-cs-fixer configuration file 2024-01-15 13:31:29 +01:00
.php_cs.dist Do not reformat addon directory 2024-01-15 13:24:46 +01:00
CHANGELOG
CONTRIBUTING.md
CREDITS.txt
Doxyfile
LICENSE
README.md Update README.md: fixing links for mobile screenshots 2024-01-03 16:08:18 +01:00
VERSION bump version to 2024.03-rc 2024-02-14 08:24:41 +01:00
Vagrantfile
composer.json Add new script commands for php-cs-fixer 2024-01-15 12:04:30 +01:00
composer.lock Regenerate composer.lock 2024-01-15 13:24:46 +01:00
database.sql Issue 13909: Filter channels by network (#13924) 2024-02-20 07:11:26 +01:00
docblox.dist.xml
index.php
ruleset.xml
security.txt
update.php Issue 13909: Filter channels by network (#13924) 2024-02-20 07:11:26 +01:00

README.md

Friendica - your open and free social network

Welcome to the free social web. Friendica is a platform for decentralised social communication linking to other independent social and corporate services.

Friendica connects you to a federated communications network of thousands of servers called the Fediverse. Through various protocols you can interact with anyone on Friendica, Mastodon, Lemmy, Diaspora, Misskey, Peertube, Pixelfed, Pleroma and many more. Receiving content from Tumblr, WordPress and RSS is also possible. Friendica allows you to import and mirror your content via add-ons such as ITTT and Buffer. You can control the privacy scope of your content.

Being part of the Fediverse allows you to be free from data-harvesting corporations. Enjoy open social communication, independent of any specific provider.

Join Friendica today or set up your own Friendica instance.

Friendica on desktop

Frio theme in desktop browser

Friendica on mobile

frio on mobile, dark color scheme frio on mobile, light color scheme

Endorsements