xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 00:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6472b30bd2202aa43c95cb21a46799e6a4bddf0f
TravianZ/GameEngine
T
History
Ferywir 6472b30bd2 fix(admin): verify CSRF token in message admin Mods [#139] (#264) 
sendMessage, massmessage and sysmessage are POSTed to directly, bypassing
admin.php's central csrf_verify(). Add csrf_verify() (after the admin access
check, via the shared GameEngine/Admin/csrf.php) and csrf_field() in their
forms (Newmessage.tpl, massmessage.tpl, sysmessage.tpl; the mass/sys templates
have both a prepare and an execute form).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 11:49:32 +03:00
..
Admin
fix(admin): verify CSRF token in message admin Mods [#139] (#264)
2026-06-23 11:49:32 +03:00
Data
Update Readme
2026-05-15 08:17:14 +03:00
Game
Update Readme
2026-05-15 08:17:14 +03:00
Lang
Some fix
2026-06-22 10:41:25 +03:00
Notes
Incremental Refactor Templates 2
2026-05-07 08:24:40 +03:00
Prevention
Incremental Refactor Templates 2
2026-05-07 08:24:40 +03:00
Account.php
security: harden signup username validation + fix reflected XSS (#184) (#187)
2026-06-09 14:57:56 +03:00
Alliance.php
fix(session): refresh the 30s user-cache after a player's own changes (#239)
2026-06-18 14:59:44 +03:00
Artifacts.php
Fix + Redesign
2026-05-28 12:25:28 +03:00
Automation.php
i18n: render battle reports in each reader's language (EN/FR/RO) (#236)
2026-06-17 16:24:37 +03:00
Battle.php
Fix Admin Panel view & some PHP 8.1+
2026-06-22 09:20:16 +03:00
BBCode.php
Incremental Refactor Form/BBCode/Mailer/Village
2026-05-13 15:09:05 +03:00
Building.php
fix(session): refresh the 30s user-cache after a player's own changes (#239)
2026-06-18 14:59:44 +03:00
Chat.php
fix(chat): stop echoing the raw INSERT query in add_data() [#139] (#243)
2026-06-19 13:31:21 +03:00
Database.php
fix(profile): neutralize stored XSS in profile descriptions [#250] (#252)
2026-06-22 16:31:20 +03:00
favicon.ico
GameEngine and install folders have 777 already set by default
2016-07-02 21:39:28 +02:00
Form.php
Update Readme
2026-05-15 08:17:14 +03:00
functions.php
Incremental Refactor Form/BBCode/Mailer/Village
2026-05-13 15:09:05 +03:00
Generator.php
feat(preferences): apply time preference (timezone + date format) [#198]
2026-06-12 16:46:33 +03:00
index.php
Update Readme
2026-05-15 08:17:14 +03:00
Logging.php
feat: IP ban support (#185) (#188)
2026-06-09 15:15:27 +03:00
Mailer.php
Update Readme
2026-05-15 08:17:14 +03:00
Market.php
fix(market): harden NPC resource distribution against NaN [#211]
2026-06-13 21:38:46 +02:00
Message.php
feat: reports for settling - new village founded & valley occupied (#178) (#190)
2026-06-09 16:47:29 +03:00
Multisort.php
Incremental refactor Generator/Logging/Multisort
2026-05-12 13:22:51 +03:00
Profile.php
fix(profile): neutralize stored XSS in profile descriptions [#250] (#252)
2026-06-22 16:31:20 +03:00
Protection.php
Update Readme
2026-05-15 08:17:14 +03:00
Ranking.php
Incremental Refactor Market/Message/Profile
2026-05-13 12:20:10 +03:00
Session.php
feat(admin): add transparent debug error-log mode
2026-06-12 17:18:39 +03:00
Technology.php
Remove some unused code and some fix
2026-05-21 13:12:21 +03:00
Units.php
Fix(farmlist): raid bugs and PHP 8.3 warnings (#217)
2026-06-15 07:53:14 +03:00
Village.php
Remove some unused code and some fix
2026-05-21 13:12:21 +03:00