Timothée Alby
294ce1a13c
remove dead code around syncUserToSubscription ( #2122 )
...
GitOrigin-RevId: d489365a4bceb9d675e6a75b25be61baa3aa010e
2019-09-04 11:45:24 +00:00
Alasdair Smith
41f75b5936
Merge pull request #1543 from sharelatex/as-fix-potential-angular-xss
...
Fix potential Angular XSS issues
GitOrigin-RevId: a18a609a25b29e910cb78e28a37398417cfe4842
2019-03-18 10:37:15 +00:00
Timothée Alby
89f31d71e3
Merge pull request #1603 from sharelatex/spd-admin-panel-buttons-not-working
...
Don't use multipart/form-data for admin panel buttons
GitOrigin-RevId: 97c265a1c0addbddf5628d5e0c70fedb38bda75d
2019-03-11 11:07:45 +00:00
Shane Kilkelly
7f7b10aa09
Sanitize display of system messages.
...
When showing system-messages, use default Angular sanitizer, also,
on the admin panel itself, show the verbatim text of the message.
This solves a mild Stored-XSS vulnerability whereby a user could
put `<script>` tags in a message. We don't want that, but we do want
to be able to use basic html tags.
2018-08-22 10:15:50 +01:00
Shane Kilkelly
b0dd7475b0
fix pug syntax
2017-01-31 14:57:22 +00:00
Shane Kilkelly
57cd54bf55
WIP: migrate from jade to pug
2017-01-20 12:03:02 +00:00
Henry Oswald
4029b76d9e
- make system messages default tab in admin panel
...
- add manage site tab to dropdown
2016-06-06 16:11:26 +01:00
James Allen
9b8cf7bcfa
Remove public registration and require that a user be registered by an admin
2015-03-19 14:22:48 +00:00