Add rate limiting to user profile posts #3145
Merged
Also fix possible style issue in Safari
tadhgboyle approved these changes Dec 28, 2022
Derkades pushed a commit that referenced this pull request Dec 28, 2022
Also fix possible style issue in Safari
samerton added a commit that referenced this pull request Apr 30, 2023
* Missing $
* Delete reported user on deletion (#3065)
* Actionable error message
* Keep inaccessible labels in a topic when editing them as a unauthorized user (#3033)
* Fix OAuth url (#3031)
* Show correct server id when it is updated (#3075)
* Show correct server id when it is updated
* Remove guild id caching from Discord class
* Simplify missing vendor instructions (#3079)
* Fix widget error when user is deleted (#3078)
* Automatically detect installation path during installation (#3081)
* Allow cancelling OAuth register flow (#3089)
* Fix tinymce image upload errors (#3095)
* Return redirect when punishing users (#3101)
* Fix oauth bypasses validation & banned checks (#3103)
* Fix update available alerts on frontend
  Closes #3021
* Add ability to change password of users via StaffCP (#3097)
* Add ability to change password via UserCP
* Convert change password to modal
* Use correct language string and revert accidental deleting of button
* Additional permission check
* Fix TinyMCE spoiler plugin url (#3088)
* Fix TinyMCE spoiler plugin url
* Support subdirectories
Co-authored-by: Supercrafter100 <58982133+supercrafter100@users.noreply.github.com>
* Cleanup some frontend JS
* Add back copy function
* Use navigator clipboard for api url copying
* Various performance improvements
* Remove user field from re-auth page (#3071)
* Fix force HTTPS redirect
* Update discord.tpl (#3115)
* Update discord.tpl
* Reduce indentation
Co-authored-by: Sam <samerton@users.noreply.github.com>
* Delete reported user on deletion (#3065)
* Update module.php
* Various performance improvements (#3119)
* Various performance improvements
* Remove debug
* Remove more debug
* Improve StaffCP total users widget
* Update forum + topic latest post when a user is marked as spam (#3124)
* Do not verify HTML in TinyMCE for admins
* Run PHPStan on 8.2 (#3133)
* Apply rate limiting to forgot password (#3130)
* Apply rate limiting to forgot password
* Update modules/Core/pages/forgot_password.php
Co-authored-by: Tadhg Boyle <tadhgsmboyle@gmail.com>
* remove unused variable
* Use static function
* Allow two attempts per minute
* Update forgot_password.php
Co-authored-by: Tadhg Boyle <tadhgsmboyle@gmail.com>
* StaffCP performance improvements
* Delete replies to a spammer's topic (#3135)
* Allow all tinymce valid_children when admin (#3144)
* Add rate limiting to user profile posts (#3145)
  Also fix possible style issue in Safari
* Ensure reported_id column is nullable in reports table
* Copywrite year update 🎉 (#3151)
* Change to new /configure command (#3154)
* Fix fallback to default template not working (#3153)
* Fix fallback to default template not working
* Fallback to default panel template
* Add instructions on how to disable portal page to template (#3161)
* Fix sorting with thousands separators in value (#3162)
* Workaround for yarn cache dir permissions (#3160)
* Fix checkbox aligning vertically (#3170)
* Remove yarn workaround, we use npm now (#3172)
* Move from yarn to npm (#3173)
* Remove yarn lock, add npm lock
* Rename post install script
* Fix captcha validation (#3175)
* Update Recaptcha2.php
* Remove site key and secret validation
* Don't forget validateKey!
* Add upgrade script from 2.0.2 to 2.0.3 (#3180)
* Misc fixes (#3128)
* Make sure integration verify code is not null
* Fix footer with CSS to remove flicker on each page load
* Allow setting `Helo` and `Hostname` values explicitly for sending SMTP emails
* Remove binding column name (#3187)
* Fix dark mode segment border colour
* Revert "Fix footer with CSS to remove flicker on each page load"
  This reverts commit 006b7b7.
* Fix fallback to default template dark mode option without user preference (#3186)
* Simplify forum post quoting system (#3184)
* Show user debug details in debug info
* Fix requested changes
* Fix requested change
* Add warning for using 3rd party panel templates (#3189)
* Add back discord invite instructions (#3195)
* Fix post editing (#3176)
* Fix post editing
  Default to an empty array if the variable is null
* Default empty array with array_reduce
* Use default value to `array_reduce`
Co-authored-by: Tadhg Boyle <tadhgsmboyle@gmail.com>
* Create release script (#3191)
* Create release script
* Produce upgrade zip
* Remove temp directory afterwards
* Allow running release script without TTY (#3200)
* Fixed release zips including cache (#3205)
* Fix LatestPostsWidget bugs (#3204)
* Fix MySQL `IN` clause string interpolation in Forum `getLatestDiscussions`
* Fix $limit being applied
* Remove comments
* Ignore future dates in dashboard overview graph data (#3197)
* Fix forum post seeder not filling some columns (#3206)
* Allow selecting timezone during install (#3199)
* Add X-API-Key fallback header if Authorization is missing (#3217)
* Fix `Util::setSetting` cache not being updated (#3221)
* Fix `setSetting` cache not being updated
* Use reference
* Fix minecraft panel page using outdated constant
Co-authored-by: Robin <robin+git@rkslot.nl>
* Properly encode content for javascript (#3227)
* Use X-Forwarded-Proto to determine port (#3229)
* Allow browser scripts to bypass force_2fa redirects (#3076)
* Allow browser scripts to bypass force_2fa redirects so secret doesn't get regenerated
* Remove space
Co-authored-by: Tadhg Boyle <tadhgsmboyle@gmail.com>
* Create upgrade zip before installing development dependencies
* Make sure integration allow linking before forcing
* Fix invalid lock file
* Trim whitespace at start of query when determining if is select
* Partly backport #3111
* Adjust paths for old scripts location
* Use correct source directory (#3238)
* Release 2.0.3 (#3239)
* Release 2.0.3
* Create links to PRs
* Add date
---------
Co-authored-by: Tadhg Boyle <tadhgsmboyle@gmail.com>
* Run release script with oldest suppported PHP version (#3248)
---------
Co-authored-by: Supercrafter100 <58982133+supercrafter100@users.noreply.github.com>
Co-authored-by: Partydragen <adrian_kili@outlook.com>
Co-authored-by: Robin <robinslot@hotmail.nl>
Co-authored-by: Tadhg Boyle <tadhgsmboyle@gmail.com>
Co-authored-by: Robin <robin+git@rkslot.nl>
Co-authored-by: Partydragen <admin@partydragen.com>
Co-authored-by: TeemoCell <github@teemocell.dev>
Co-authored-by: PadowYT2 <me@padow.ru>
Co-authored-by: Robin Slot <robin+github@rkslot.nl>
Also fix possible style issue in Safari
Closes #3116